Lang
Crypto
insecure-random
insecure-random
A random number generator was detected which is not guaranteed to be Cryptographically secure. If the source of entropy is used for security purposes (e.g. with other Cryptographic operations), make sure to use the SecCopyRandomBytes
API explicitly.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
OWASP:
- A02:2021 - Cryptographic Failures