Insecure Randomness

Affecting react-native-meteor-oauth package, ALL versions

low severity

Overview

react-native-meteor-oauth is a library for OAuth2 login to a Meteor server in React Native. The OAuth random token is generated using the cryptographically insecure Math.random, which can produce predictable values and should not be used in security-sensitive contexts.

Remediation

There is no fix version for react-native-meteor-oauth.
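
The weak pattern described in the Overview, next to a replacement that draws from the operating system's CSPRNG. This is an added example, not code from react-native-meteor-oauth; the function names, the alphabet and the 43-character length are assumptions, and it uses Node's crypto module so it can be run stand-alone.

```javascript
// Added example: illustrative only, not taken from react-native-meteor-oauth.
const crypto = require('crypto');

// 64 URL-safe characters (assumed alphabet); 43 of them carry 258 bits.
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';

// Weak pattern, kept for contrast: Math.random() is a general-purpose PRNG.
// It is not designed to be unpredictable, so a token built from it must not
// be treated as a secret.
function insecureToken(length = 43) {
  let out = '';
  for (let i = 0; i < length; i++) {
    out += ALPHABET[Math.floor(Math.random() * ALPHABET.length)];
  }
  return out;
}

// Hardened form: every character is derived from CSPRNG bytes.
// Rejection sampling discards bytes that would introduce modulo bias when
// the alphabet size does not divide 256 evenly.
function secureToken(length = 43, alphabet = ALPHABET) {
  if (alphabet.length < 2 || alphabet.length > 256) {
    throw new RangeError('alphabet must contain 2 to 256 characters');
  }
  const limit = 256 - (256 % alphabet.length);
  let out = '';
  while (out.length < length) {
    for (const byte of crypto.randomBytes(length)) {
      if (byte < limit && out.length < length) {
        out += alphabet[byte % alphabet.length];
      }
    }
  }
  return out;
}
```

Inside a React Native app, where Node's crypto module is not available, the same loop can take its bytes from a crypto.getRandomValues implementation.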


Credit: Sven Slootweg
CWE: CWE-330
Snyk ID: npm:react-native-meteor-oauth:20170414
Disclosed: 16 Apr, 2017
Published: 16 Apr, 2017
