CVE-2021-4238

Summary

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.

Affected Software

VendorProductVersion RangeStatus
github.com/Masterminds/goutilsgithub.com/Masterminds/goutils0 < 1.1.1affected

Weaknesses

  • CWE 330: Use of Insufficiently Random Values

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References