mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
887 B
887 B
CVE-2017-16031
Description
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on Math.random() to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.
POC
Reference
No PoCs from references.