Insecure Randomness security vulnerability in RoboHelp Version 2020.7.46

Report · May 03, 2022

Our Security team performed a Fortify SCA scan of our source code and found some security vulnerabilities relating to some of our RoboHelp files. I need help fixing this issue. Only related post I saw was a suggested patch for RH 2015.

The files that are problematic are common.min.js, layout.min.js, rh.min.js, and topic.min.js.

Can anyone help?

Report · Sep 07, 2022

Old files on the server is what @Amebr was pointing at in her post.

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

Help others by clicking Correct Answer if the question is answered. Found the answer elsewhere? Share it here. "Upvote" is for useful posts.

Report · Sep 08, 2022

Absolutely! Thank you as always, Peter.

Report · Sep 07, 2022

@Sleant if you have those files in your project source, it probably means that at some point someone accidentally generated the output into the source folder. Do you know if that was detected and cleaned up? If not, you might have some additional things to double-check .

Report · Sep 08, 2022

You're always right 🙂 What I didn't know was that the culprit could be from the source file (.../sourcefiles/contents/assets/js/*). I kept thinking it was the published files and folders. You're comment definitely guided me through my though process, so thank you as always.