java.util.Random is used when java.security.SecureRandom should be used

Description

During a static code scan, we found that the following file is using java.util.Random; to generate id’s that may need to be securely random.

java.security.SecureRandom should be used instead: http://docs.oracle.com/javase/6/docs/api/java/security/SecureRandom.html

https://github.com/Jasig/cas/blob/v3.5.2/cas-server-core/src/main/java/org/jasig/cas/authentication/principal/GoogleAccountsService.java

Environment

None

Status

Assignee

Misagh Moayyed

Reporter

David Ohsie

Labels

None

Estimated End Date

None

Audience

None

Components

Fix versions

Affects versions

3.5.0

Priority

Major