Headline
CVE-2016-15005: GO-2020-0045 - Go Packages
CSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections which relatively few requests.
Why Go
Common problems companies solve with Go
Stories about how and why companies use Go
How Go can help keep you secure by default
Learn
Docs
Tips for writing clear, performant, and idiomatic Go code
A complete introduction to building software with Go
Reference documentation for Go’s standard library
Learn what’s new in each Go release
Packages
Community
Videos from prior events
Meet other local Go developers
Learn and network with Go developers from around the world
The Go project’s official blog.
Get help and stay informed from Go
Get connected
Related news
CSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections which relatively few requests.