bertrandmartel / speed-test-lib

:cloud: JSpeedTest : speed test client library for Java/Android
MIT License
381 stars 119 forks

Insecure Random Number Generator (CWE-330) #77

Open sanjeev1903 opened 4 years ago

sanjeev1903 commented 4 years ago

The speed test library uses an insecure random number generator in the RandomGen.java file in the utils folder. Instead of using Random(), it is more secure to use SecureRandom(), which is cryptographically strong. This leads to a CVSS vulnerability with score 7.5.

bmos1 commented 3 years ago

Please provide arguments for the security relevance of the random file for a speed test.
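For reference, an added example that is not part of the thread and not the library's code: it contrasts `java.util.Random` and `java.security.SecureRandom` when filling a byte buffer, and times both on a payload-sized buffer. The class name, the `fill` helper, the seed and the sizes are assumptions made for illustration; the contents of RandomGen.java are not shown on this page.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;

// Added illustration; not the library's RandomGen.java.
public class RandomSourceDemo {

    // Hypothetical helper: fill a buffer from any Random source.
    // SecureRandom extends Random, so both types are accepted here.
    static byte[] fill(Random rng, int size) {
        byte[] buf = new byte[size];
        rng.nextBytes(buf);
        return buf;
    }

    // Time one fill of `size` bytes, in milliseconds.
    static long timeFillMs(Random rng, int size) {
        long start = System.nanoTime();
        fill(rng, size);
        return (System.nanoTime() - start) / 1_000_000;
    }

    public static void main(String[] args) {
        long seed = 42L;              // constructed sample seed
        int small = 32;               // constructed sample size
        int payload = 16 * 1024 * 1024; // constructed payload size (16 MiB)

        // java.util.Random is a 48-bit linear congruential generator:
        // the same seed always reproduces the same byte stream.
        byte[] a = fill(new Random(seed), small);
        byte[] b = fill(new Random(seed), small);
        System.out.println("Random, same seed, identical bytes: " + Arrays.equals(a, b));

        // SecureRandom seeds itself from the platform entropy source,
        // so independent instances produce unrelated streams.
        byte[] c = fill(new SecureRandom(), small);
        byte[] d = fill(new SecureRandom(), small);
        System.out.println("SecureRandom, identical bytes: " + Arrays.equals(c, d));

        // Cost of each source on a payload-sized buffer; the numbers depend
        // on the JVM and platform, so none are asserted here.
        System.out.println("Random fill ms:       " + timeFillMs(new Random(), payload));
        System.out.println("SecureRandom fill ms: " + timeFillMs(new SecureRandom(), payload));
    }
}
```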