blob: 09fad5d9af15dd6e7035b8d2890f688bd150404a [file] [log] [blame]
module: github.com/dinever/golf
versions:
- fixed: v0.3.0
description: |
CSRF tokens are generated using math/rand, which is not a cryptographically secure
rander number generation, making predicting their values relatively trivial and
allowing an attacker to bypass CSRF protections which relatively few requests.
published: 2021-04-14T12:00:00Z
credit: "@elithrar"
symbols:
- randomBytes
links:
pr: https://github.com/dinever/golf/pull/24
commit: https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe
context:
- https://github.com/dinever/golf/issues/20