CX Insecure_Randomness @ createaccount.php [master] #91

Open
rronen04 opened this issue Jun 30, 2021 · 1 comment


rronen04 commented Jun 30, 2021

Insecure_Randomness issue exists @ createaccount.php in branch master

Method rand_str at line 13 of createaccount.php uses a weak method rand to produce random values. These values might be used as personal identifiers, session tokens or cryptographic input; however, due to their insufficient randomness, an attacker may be able to derive their value.

Severity: Medium

CWE:330

Checkmarx

Training
Recommended Fix

Lines: 19 13


Code (Line #19):

			$r = $chars{rand(0, $chars_length)};

Code (Line #13):

		$string = $chars{rand(0, $chars_length)};

Owner

cxronen commented Jun 30, 2021

Issue still exists.
