Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Airflow
- Attr
- Aws-lambda
- Bokeh
- Boto3
- Cassandra
- Click
- Correctness
- Couchbase
- Cryptography
- Cryptography-diffie-hellman-key-exchange
- Cryptography-dsa
- Cryptography-insecure-random
- Cryptography-rsa-pkcs1-encrypt
- Cryptography-rsa-pkcs1-signature
- Security
- Distributed
- Django
- Docker
- Elasticsearch
- Fastapi
- Flask
- Jinja2
- Jwt
- Lang
- Ldap3
- Mariadb
- Mysql
- Mysqlclient
- Neo4j
- Openai
- Peewee
- Pg8000
- Psycopg2
- Pycryptodome
- Pyjwt
- Pymongo
- Pymssql
- Pymysql
- Pyramid
- Redis
- Requests
- Sh
- Sqlalchemy
- Tormysql
- Urllib3
- Webrepl
- Wtforms
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Cryptography-insecure-random
Cryptography insecure random
When generating random data for use in cryptographic operations, such as an initialization vector, you do not want to use the standard random module APIs. This is because they do not provide a cryptographically secure random number generator, which can result in major security issues depending on the algorithms in use. Therefore, it is our recommendation to always use your operating system’s provided random number generator, which is available as os.urandom().
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A02:2021 - Cryptographic Failures
- A03:2017 - Sensitive Data Exposure