Open gen0cide opened 3 years ago
https://github.com/auth0/node-saml/blob/7ee79849d6b0a0935e42ad456ae8cb92d2b3bb93/lib/utils.js#L61
This function is used to generate unique UIDs throughout the SAML library. Given that SAML deals with authentication, it seems like poor practice to not generate random UIDs in a cryptographically secure manner.
Reference: https://nodejs.org/api/crypto.html#crypto_crypto_randomint_min_max_callback

Guidance: https://gist.github.com/joepie91/7105003c3b26e65efcea63f3db82dfba