CVE-2016-15005

Summary

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.

Affected Software

VendorProductVersion RangeStatus
github.com/dinever/golfgithub.com/dinever/golf0 < 0.3.0affected

Weaknesses

  • CWE 338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References