RSS   Vulnerabilities for 'Socket.io'   RSS

2018-06-04
 
CVE-2017-16031

CWE-330
 

 
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.

 

 >>> Vendor: Socket 4 Products
Engine.io-client
Socket.io
Engine.io
Socket.io-parser


Copyright 2024, cxsecurity.com

 

Back to Top