-
Notifications
You must be signed in to change notification settings - Fork 109
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Masking is not cryptographically secure #334
Comments
This has been fixed in |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The random number generator used for masking frames is not cryptographically secure:
web_socket_channel/lib/src/copy/web_socket_impl.dart
Line 28 in 3db86bc
web_socket_channel/lib/src/copy/web_socket_impl.dart
Lines 508 to 514 in 3db86bc
This is a security concern (CWE-331), and deviates from RFC 6455 section 10.3:
The text was updated successfully, but these errors were encountered: