The following issue was reported when a security audit was run over the source code of Smart GWT version 3.0.
Insufficient Entropy
Standard random number generators do not provide a sufficient amount of entropy when used for security purposes.
Attackers can brute force the output of pseudorandom number generators such as rand().
Recommendations
If this random number is used where security is a concern, such as generating a session key or session identifier, use a trusted cryptographic random number generator instead. These can be found in an open source library such as OpenSSL.
Module # Class # Module Location
com/.../util/DataTools.java 4626
com/.../util/DataTools.java 4723
com/.../util/DataTools.java 4724
Can we have the resolution for this please?
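The distinction the audit finding draws, shown in Java as an added example that is not part of the original post and not Smart GWT code. The class and method names are hypothetical, and it makes no claim about what DataTools.java does at the reported lines; the finding only matters if the value produced there is used as a secret.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

// Added illustration; hypothetical names, not Smart GWT code.
public class TokenEntropyDemo {

    // Weak: java.util.Random is a linear congruential generator with
    // 48 bits of internal state. Its output is fully determined by the seed,
    // so a 64-bit-looking value carries at most 48 bits of entropy.
    static String weakToken(long seed) {
        Random rnd = new Random(seed);
        return Long.toHexString(rnd.nextLong());
    }

    // One shared instance: SecureRandom is thread-safe and is seeded
    // from the operating system's entropy source.
    private static final SecureRandom SECURE = new SecureRandom();

    // Hardened: 128 bits from the platform CSPRNG, URL-safe encoding,
    // suitable for session identifiers and similar secrets.
    static String strongToken() {
        byte[] buf = new byte[16];
        SECURE.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        // Constructed sample seed: a millisecond timestamp, a common default.
        long seed = 1325376000000L;

        // Same seed, same "secret": nothing unpredictable is added.
        String a = weakToken(seed);
        String b = weakToken(seed);
        System.out.println("weak   A: " + a);
        System.out.println("weak   B: " + b);
        System.out.println("weak tokens identical: " + a.equals(b));

        // CSPRNG output differs on every call and exposes no seed.
        System.out.println("strong A: " + strongToken());
        System.out.println("strong B: " + strongToken());
    }
}
```

When triaging a scanner hit like this one, check what the flagged value is used for: identifiers, keys, nonces and tokens need `SecureRandom`, while values used only for things like sampling or test data do not.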