java.util.UUID.randomUUID() uses an insecure PRNG · Advisory · scala-js/scala-js · GitHub
java.util.UUID.randomUUID() uses an insecure PRNG

High
sjrd published GHSA-j2f9-w8wh-9ww4 Apr 4, 2022

Package: org.scala-js:scalajs-library_2.11 (Maven)
Affected versions: < 1.10.0
Patched versions: 1.10.0

Package: org.scala-js:scalajs-library_2.12 (Maven)
Affected versions: < 1.10.0
Patched versions: 1.10.0

Package: org.scala-js:scalajs-library_2.13 (Maven)
Affected versions: < 1.10.0
Patched versions: 1.10.0

Description

Impact

Generation of insufficiently random numbers in java.util.UUID.randomUUID() allows attackers to predict future generated UUIDs via observation of previously generated UUIDs (observing a single generated UUID may be sufficient). Depending on whether and how particular applications expose and use the generated UUIDs, the actual vector and impact vary.

If you use java.util.UUID.randomUUID() to generate user-visible UUIDs, and predicting subsequent UUIDs poses a security risk to your application, you are affected.

In addition, the underlying PRNG has only 48 bits of state, which means that at most 2^48 different UUIDs may be generated by randomUUID(). This can make collisions between generated UUIDs likely.

Patches

Scala.js v1.10.0 fixes the issue. It uses java.security.SecureRandom to implement randomUUID().

java.security.SecureRandom is not provided by Scala.js core. Therefore, to be able to use randomUUID(), you will need to add a dependency on scalajs-java-securerandom. Failing to do so will result in linking errors (i.e., fastLinkJS/fullLinkJS will fail).

Workarounds

If you cannot upgrade, you should generate UUIDs using a different method than randomUUID(). Use a better random number generator, for example crypto.getRandomValues() in browsers or require("crypto").randomFillSync in Node.js.
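
One way to apply this workaround, shown as an added JavaScript example (not code from the advisory or from the Scala.js project): build a version-4 UUID from 16 bytes taken from crypto.getRandomValues() or require("crypto").randomFillSync. The function names fillRandom, uuidFromBytes and secureRandomUUID are assumptions chosen for this sketch; from Scala.js they would be reached through JavaScript interop.

```javascript
// Added example: RFC 4122 version-4 UUIDs drawn from the platform CSPRNG.
// Function names are hypothetical, not part of Scala.js.

// Fill a buffer from the CSPRNG: Web Crypto where it exists (browsers,
// recent Node.js), otherwise Node's crypto module.
function fillRandom(bytes) {
  if (globalThis.crypto && typeof globalThis.crypto.getRandomValues === "function") {
    return globalThis.crypto.getRandomValues(bytes);
  }
  if (typeof require === "function") {
    return require("crypto").randomFillSync(bytes);
  }
  // Never fall back to Math.random(): that would reintroduce the issue.
  throw new Error("no cryptographically secure random source available");
}

// Turn 16 bytes into the canonical 8-4-4-4-12 string, forcing the
// version (4) and variant (10xx) bits; the other 122 bits are kept.
function uuidFromBytes(bytes) {
  if (bytes.length !== 16) throw new RangeError("expected 16 bytes");
  const b = Uint8Array.from(bytes); // copy so the caller's buffer is untouched
  b[6] = (b[6] & 0x0f) | 0x40;
  b[8] = (b[8] & 0x3f) | 0x80;
  const hex = Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
          hex.slice(16, 20), hex.slice(20)].join("-");
}

// Replacement for randomUUID() on affected versions.
function secureRandomUUID() {
  return uuidFromBytes(fillRandom(new Uint8Array(16)));
}
```

Each UUID carries 122 bits taken directly from the operating system's generator, so observing one value gives no information about the next, unlike output derived from a 48-bit PRNG state.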

References

  • #4657 Scala.js should not provide a cryptographically insecure UUID.randomUUID() implementation

Severity

High

CVE ID

CVE-2022-28355
