voucher-code-generator-java
voucher-code-generator-java issues
A clever user with access to enough voucher codes can recover the initial state of a long-running Java process, allowing them to forge codes. Seed recovery of Knuth's PRNG is...
The voucher code generator implementation uses an insecure source of randomness:
https://github.com/voucherifyio/voucher-code-generator-java/blob/master/src/main/java/io/voucherify/generator/VoucherCodes.java#L7
`java.util.Random` uses Knuth's linear congruence pseudorandom number generator. Practical seed recovery attacks on this generator are known:
https://hal.archives-ouvertes.fr/hal-02700791/document...