CVE-2017-16031

Summary

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random() to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.

Affected Software

VendorProductVersion RangeStatus
HackerOnesocket.io node module<=0.9.6affected

Weaknesses

  • Account Hijacking

ADP Enrichment

CVE Program Container

Additional References

References