WS-2017-0107
Good to know:
Date: September 20, 2016
websockets uses the `Math.random` function to generate the masking key. This function is not random enough, which allows an attacker to easily guess the key. With the key, an attacker can read the payload, causing potential information disclosure.
Language: Java
Severity Score
Weakness Type (CWE)
Information Leak / Disclosure
CWE-200
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | ADJACENT_NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |
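
The masking-key weakness described above, as an added example that is not code from the websockets project: it builds an RFC 6455 masked text frame with a `Math.random` key source beside a CSPRNG-backed one. It is written in JavaScript for Node.js (an assumption), and every function name in it is hypothetical.

```javascript
const crypto = require('crypto');

// Weak (the pattern the advisory describes): Math.random is not a CSPRNG.
function weakMaskingKey() {
  const key = Buffer.alloc(4);
  for (let i = 0; i < 4; i++) key[i] = Math.floor(Math.random() * 256);
  return key;
}

// Hardened: 4 bytes taken from the operating system CSPRNG.
function strongMaskingKey() {
  return crypto.randomBytes(4);
}

// RFC 6455 section 5.3: octet i is XORed with key[i mod 4].
// The same operation masks and unmasks.
function applyMask(payload, key) {
  const out = Buffer.alloc(payload.length);
  for (let i = 0; i < payload.length; i++) out[i] = payload[i] ^ key[i % 4];
  return out;
}

// Build one masked text frame (FIN=1, opcode 0x1), payload up to 65535 bytes.
function buildMaskedTextFrame(text, keyFn = strongMaskingKey) {
  const payload = Buffer.from(text, 'utf8');
  if (payload.length > 0xffff) throw new RangeError('payload too large for this example');
  const key = keyFn();
  let header;
  if (payload.length < 126) {
    header = Buffer.from([0x81, 0x80 | payload.length]); // MASK bit + 7-bit length
  } else {
    header = Buffer.alloc(4);
    header[0] = 0x81;
    header[1] = 0x80 | 126; // MASK bit + marker for 16-bit extended length
    header.writeUInt16BE(payload.length, 2);
  }
  return Buffer.concat([header, key, applyMask(payload, key)]);
}

// Receiving side: locate the key after the length field and unmask the payload.
function readMaskedTextFrame(frame) {
  let len = frame[1] & 0x7f;
  let off = 2;
  if (len === 126) { len = frame.readUInt16BE(2); off = 4; }
  const key = frame.subarray(off, off + 4);
  return applyMask(frame.subarray(off + 4, off + 4 + len), key).toString('utf8');
}
```

Passing `weakMaskingKey` as the second argument reproduces the flagged behaviour; the default argument is the corrected key source.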