Versions Compared

Old Version 134

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Rule

Severity

Likelihood

Detectable

Repairable

Priority

Level

MSC02-J

High

Probable

No

No

P6

L2

Automated Detection

Tool
Version
Checker
Description
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.HARDCODED.SEED
JAVA.LIB.RAND.FUNC
JAVA.CRYPTO.RCF
JAVA.CRYPTO.RA
JAVA.CRYPTO.RF
JAVA.CRYPTO.BASE64
JAVA.CRYPTO.WHAF
JAVA.LIB.RAND.LEGACY.GEN

Hardcoded Random Seed
Insecure Random Number Generator
Risky Cipher Field
Risky Cryptographic Algorithm)
Risky Cryptographic Field
Unsafe Base64 Encoding
Weak Hash Algorithm Field
Legacy Random Generator

Coverity7.5RISKY_CRYPTOImplemented
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CRT.MSC02.SRDUse 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()'
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

Ics07JavaFull Implementation
SonarQube
Include Page
SonarQube_V
SonarQube_V
S2245

Related Vulnerabilities

CVE-2006-6969 describes a vulnerability that enables attackers to guess session identifiers, bypass authentication requirements, and conduct cross-site request forgery attacks.

...