CAS Server / CAS-1356

java.util.Random is used when java.security.SecureRandom should be used

    Details

    • Type: Security Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.0
    • Fix Version/s: 4.0 RC2, 4.0
    • Component/s: Architecture, Ticket
    • Labels:
      None

      Description

      During a static code scan, we found that the following file is using java.util.Random to generate IDs that may need to be securely random.

      java.security.SecureRandom should be used instead: http://docs.oracle.com/javase/6/docs/api/java/security/SecureRandom.html

      https://github.com/Jasig/cas/blob/v3.5.2/cas-server-core/src/main/java/org/jasig/cas/authentication/principal/GoogleAccountsService.java
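
An added illustration of the distinction the report draws, not code from the CAS project or from GoogleAccountsService.java: an ID built from java.util.Random is fully reproducible from its seed, while one built from java.security.SecureRandom is not. The class name, method names, the 20-byte ID length and the seed value are assumptions made for this example.

```java
import java.security.SecureRandom;
import java.util.Random;

public class IdGenerationExample {
    private static final char[] HEX = "0123456789abcdef".toCharArray();
    private static final int ID_BYTES = 20; // assumed ID length (160 bits), for illustration only

    // One shared instance: SecureRandom is thread-safe and seeds itself from the platform's entropy source.
    private static final SecureRandom SECURE = new SecureRandom();

    static String toHex(byte[] bytes) {
        char[] out = new char[bytes.length * 2];
        for (int i = 0; i < bytes.length; i++) {
            out[2 * i] = HEX[(bytes[i] >> 4) & 0x0f];
            out[2 * i + 1] = HEX[bytes[i] & 0x0f];
        }
        return new String(out);
    }

    // Weak form: java.util.Random is a linear congruential generator with 48 bits
    // of internal state, so every byte of the ID is a function of that state.
    static String weakId(Random rng) {
        byte[] id = new byte[ID_BYTES];
        rng.nextBytes(id);
        return toHex(id);
    }

    // Hardened form: same ID shape, bytes drawn from a cryptographically strong generator.
    static String strongId() {
        byte[] id = new byte[ID_BYTES];
        SECURE.nextBytes(id);
        return toHex(id);
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed sample seed
        String first = weakId(new Random(seed));
        String second = weakId(new Random(seed));
        // Two generators with the same seed emit the same "random" ID.
        System.out.println("java.util.Random, same seed, identical IDs: " + first.equals(second));
        // Independent SecureRandom draws do not repeat.
        System.out.println("SecureRandom, two draws, distinct IDs: " + !strongId().equals(strongId()));
    }
}
```

For a static-scan follow-up, the check to make is whether any value that acts as a secret or an unguessable identifier is still derived from java.util.Random after the fix.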

            People

            • Assignee:
              mmoayyed Misagh Moayyed
              Reporter:
              davidohsie David Ohsie