voucher-code-generator-java icon indicating copy to clipboard operation
voucher-code-generator-java copied to clipboard

Published 20 hours ago verified publisher icon voucherifyio

Metadata

Results 2 voucher-code-generator-java issues
Sort by recently updated
recently updated
newest added

fix: CSPRNG

A clever user with access to enough voucher codes can recover the initial state of a long-running Java process, allowing them to forge codes. Seed recovery of Knuth's PRNG is...

chgg-kboberg avatar chgg-kboberg

Voucher code generator uses insecure randomness to generate codes

The voucher code generator implementation uses an insecure source of randomness: https://github.com/voucherifyio/voucher-code-generator-java/blob/master/src/main/java/io/voucherify/generator/VoucherCodes.java#L7 `java.util.Random` uses Knuth's linear congruence pseudorandom number generator. Practical seed recovery attacks on this generator are known: https://hal.archives-ouvertes.fr/hal-02700791/document...

chgg-kboberg avatar chgg-kboberg

Metadata

31
Stars
16
Forks
Watchers

Owner

verified publisher icon voucherifyio

Metadata

Back