CVE-2017-16031

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.

Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.

Affected versions of `socket.io` depend on `Math.random()` to create socket IDs, and therefore the IDs are predictable. With enough information on prior IDs, an attacker may be able to guess the socket ID and gain access to socket.io servers without authorization. ## Recommendation Update to v0.9.7 or later.

Affected versions of `socket.io` depend on `Math.random()` to create socket IDs, and therefore the IDs are predictable. With enough information on prior IDs, an attacker may be able to guess the socket ID and gain access to socket.io servers without authorization. ## Recommendation Update to v0.9.7 or later.

Socket.io es un framework de aplicación en tiempo real que proporciona comunicaciones mediante websockets. Debido a que las versiones 0.9.6 y anteriores de socket.io dependen de "Math.random()" para crear ID de socket, estos ID son predecibles. Un atacante puede adivinar el ID de socket y obtener acceso a los servidores socket.io, pudiendo obtener información sensible.