VYPR
Moderate severity · NVD Advisory · Published Mar 1, 2021 · Updated Aug 3, 2024

CVE-2021-27884

Description

YApi through 1.9.2 uses Node.js Math.random for JWT signing secrets, allowing attackers to recover JWT keys and impersonate other users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Overview

CVE-2021-27884 affects YMFE YApi versions up to and including 1.9.2. Both the JSON Web Token (JWT) signing secret and the password salt are produced by the randStr helper in the YApi source, which returns Math.random().toString(36).substr(2): a single Math.random() output printed in base 36 with the leading "0." stripped [1][2]. Math.random() is not a cryptographically secure generator, so the resulting string only looks random; the same weak value is then used as the HMAC key for tokens and as the salt for password hashing.

Exploitation

Math.random() is a non-cryptographic pseudo-random number generator: its output is predictable to anyone who can observe enough of its values, and the whole secret here is derived from one such value. A secret generated this way is a short string of lowercase letters and digits, typically 10–12 characters, namely the base-36 digits of a single floating-point number [1]. According to the GitHub Security Lab advisory (GHSL-2020-228), an attacker holding a single valid JWT (obtained, for example, through cross-site scripting or by intercepting traffic) and knowing how the secret is generated could recover the internal state of Math.random() and with it past or future secrets [2]. Once the signing secret is known, the attacker can mint JWTs for any user ID [1][2].

Impact

Successful exploitation lets an attacker craft valid JWTs for arbitrary user IDs and so gain access to any account on the YApi instance. Because the same generator also produces the password salt, salts are predictable as well, which weakens the stored password hashes; the primary impact, however, is authentication bypass [1][2]. The maintainer did not ship a fix within the 90-day disclosure window, and the vulnerability was still unpatched when the advisory was published [1][2].

Mitigation

Status

The NVD entry and the related GitHub issues (which describe the bug as a "0day") indicate that no official patch was available when the vulnerability was disclosed [3][4]; the GitHub Security Advisory later lists yapi-vendor 1.9.3 as the patched version (see Affected packages below). Until a deployment runs a fixed version, treat it as untrusted: restrict network access to the YApi instance, and consider alternative solutions in the meantime [1][2].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package       Ecosystem   Affected versions   Patched versions
yapi-vendor   npm         < 1.9.3             1.9.3

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 5

News mentions: 0 (no linked articles in our index yet)