spring-attic / spring-security-saml

SAML extension for the Spring Security project

AbstractProfileBase#generateID uses Random() instead of SecureRandom() #502

Open gstanchev opened 3 years ago

gstanchev commented 3 years ago

This should be an easy fix, but IDs should be generated using a PRNG of crypto-strength.

rwinch commented 3 years ago

Thanks for the report. Would you be interested in submitting a pull request?

gstanchev commented 3 years ago

Yes. Please bear with me as it will be my first.

rwinch commented 3 years ago

No problem. Please let me know if I can be of any help.
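An added example, not part of the original thread and not the project's code, contrasting a `java.util.Random`-based ID with a `SecureRandom`-based one as the issue title describes. The class name, both method names, the sample seed and the 160-bit ID length are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

public class SamlIdExample {
    // Shared instance: SecureRandom is thread-safe and seeds itself from the OS.
    private static final SecureRandom RNG = new SecureRandom();
    private static final char[] HEX = "0123456789abcdef".toCharArray();

    // Constructed stand-in for a Random-based generator (not the project's code).
    static String weakId(Random r) {
        return "a" + Long.toHexString(r.nextLong()) + Long.toHexString(r.nextLong());
    }

    // Hypothetical fix: 160 random bits, hex-encoded; the leading '_' keeps the
    // value a valid xs:ID, which may not start with a digit.
    static String strongId() {
        byte[] buf = new byte[20];
        RNG.nextBytes(buf);
        StringBuilder sb = new StringBuilder(41).append('_');
        for (byte b : buf) {
            sb.append(HEX[(b >> 4) & 0x0f]).append(HEX[b & 0x0f]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // java.util.Random is a 48-bit LCG: equal internal state means equal
        // output, so every ID it emits is a function of that small state.
        long seed = 42L; // constructed sample seed
        String a = weakId(new Random(seed));
        String b = weakId(new Random(seed));
        if (!a.equals(b)) throw new AssertionError("same seed should repeat");

        // SecureRandom output has no caller-visible seed to replay.
        String c = strongId();
        String d = strongId();
        if (c.equals(d) || !c.matches("_[0-9a-f]{40}")) throw new AssertionError(c);

        System.out.println("Random(42) twice : " + a + " / " + b);
        System.out.println("SecureRandom     : " + c + " / " + d);
    }
}
```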