CVE-2017-16028

CVE-2017-16028

Vendor Hackerone
Product react-native-meteor-oauth node module
Weakness CWE-330 · Insufficient randomness
Published June 4, 2018
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).

Key dates

02Disclosure timeline

June 4, 2018 CVE published
September 17, 2024 Record updated