voucher-code-generator-java

fix: CSPRNG

Open chgg-kboberg opened this issue 2 years ago • 0 comments

A clever user with access to enough voucher codes can recover the initial state of a long-running Java process, allowing them to forge codes. Seed recovery of Knuth's PRNG is a practical attack: https://hal.archives-ouvertes.fr/hal-02700791/document

Since voucher codes may have monetary value, I would recommend applying this relatively trivial patch.

chgg-kboberg, Nov 10 '21 16:11
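
A sketch of the kind of change the issue title names, swapping a non-cryptographic PRNG for a CSPRNG, added here as an illustration; it is not the project's code or the submitted patch. The class name, alphabet, seed and code length are assumptions. It shows that `java.util.Random` output is fully determined by its internal state, and that `SecureRandom` can be passed wherever a `Random` is expected.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;

// Hypothetical sketch; not the voucher-code-generator-java API.
public class VoucherRngDemo {
    // Constructed alphabet for illustration (32 symbols, no I/O/0/1).
    private static final char[] ALPHABET =
            "ABCDEFGHJKLMNPQRSTUVWXYZ23456789".toCharArray();

    // Generates one code. SecureRandom extends Random, so either can be passed.
    static String generate(Random rng, int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            // nextInt(bound) is uniform over [0, bound), so no modulo bias.
            sb.append(ALPHABET[rng.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    static List<String> batch(Random rng, int count, int length) {
        List<String> codes = new ArrayList<>(count);
        for (int i = 0; i < count; i++) {
            codes.add(generate(rng, length));
        }
        return codes;
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed value
        // Before: java.util.Random. Its whole output stream is a function of
        // 48 bits of internal state, so equal state yields equal codes.
        List<String> a = batch(new Random(seed), 5, 8);
        List<String> b = batch(new Random(seed), 5, 8);
        System.out.println("java.util.Random, same state -> same codes: " + a.equals(b));

        // After: SecureRandom, seeded from the operating system's entropy source.
        List<String> c = batch(new SecureRandom(), 5, 8);
        List<String> d = batch(new SecureRandom(), 5, 8);
        System.out.println("SecureRandom, independent instances differ: " + !c.equals(d));
        System.out.println("sample code: " + c.get(0));
    }
}
```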