Insecure Random Number Generator #110

zisanyavuz · 2024-11-06T08:03:29Z

A high severity vulnerability has been discovered in your project.

Project Name: test79

Scanner Name: codethreat

Cwe ID: 338

Cwe Name: Use of Cryptograhically Weak Pseudo-Random Number Generator (PRNG)

Cwe Link: https://cwe.mitre.org/data/definitions/338.html

File: nerginturgut-WebGoat1234-3bfcebc/src/main/java/org/owasp/webgoat/lessons/challenges/challenge7/PasswordResetLink.java

Line: 39

Code:


-34 -     if (args == null || args.length != 2) {
-35 -       System.out.println("Need a username and key");
-36 -       System.exit(1);
-37 -     }
-38 -     String username = args[0];
*39 -     String key = args[1];
-40 -     System.out.println("Generation password reset link for " + username);
-41 -     System.out.println(
-42 -         "Created password reset link: "
-43 -             + new PasswordResetLink().createPasswordReset(username, key));
-44 -   }
-45 -

Custom Description: test

Kondukto Link: https://9a4f-104-155-30-65.ngrok-free.app/projects/6703db4e0fadccdc7e5dfc4c/vulns/appsec?page=1&perPage=15&id=in:670655e9643219475b69bc2f
Deeplink: There is no available deeplink

The text was updated successfully, but these errors were encountered:

zisanyavuz added bug Something isn't working KONDUKTO labels Nov 6, 2024

zisanyavuz self-assigned this Nov 6, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Insecure Random Number Generator #110

Insecure Random Number Generator #110

zisanyavuz commented Nov 6, 2024

Insecure Random Number Generator #110

Insecure Random Number Generator #110

Comments

zisanyavuz commented Nov 6, 2024