Details
-
Type:
Vulnerability Detection
-
Status: Active
-
Resolution: Unresolved
-
Message:Change this seed value to something unpredictable, or remove the seed.
-
Highlighting:
-
Default Severity:Critical
-
Impact:High
-
Likelihood:Low
-
Default Quality Profiles:Sonar way
-
Covered Languages:Java
-
Irrelevant for Languages:ABAP, C#, C, C++, Cobol, CSS, Flex, HTML, JavaScript, Objective-C, PHP, PL/I, PL/SQL, Python, RPG, Swift, T-SQL, TypeScript, VB.Net, VB6, XML
-
Remediation Function:Constant/Issue
-
Constant Cost:2min
-
Analysis Scope:Main Sources
-
Common Rule:Yes
-
CWE:CWE-330, CWE-332, CWE-336, CWE-337
-
OWASP:A6
Description
The java.security.SecureRandom class provides a strong random number generator (RNG) appropriate for cryptography. However, seeding it with a constant or another predictable value will weaken it significantly. In general, it is much safer to rely on the seed provided by the SecureRandom implementation.
This rule raises an issue when SecureRandom.setSeed() or SecureRandom(byte[]) are called with a seed that is either of:
- a constant
- System.currentTimeMillis()
Noncompliant Code Example
SecureRandom sr = new SecureRandom(); sr.setSeed(123456L); // Noncompliant int v = sr.next(32); sr = new SecureRandom("abcdefghijklmnop".getBytes("us-ascii")); // Noncompliant v = sr.next(32);
Compliant Solution
SecureRandom sr = new SecureRandom(); int v = sr.next(32);
See
- OWASP Top 10 2017 Category A6 - Security Misconfiguration
- MITRE, CWE-330 - Use of Insufficiently Random Values
- MITRE, CWE-332 - Insufficient Entropy in PRNG
- MITRE, CWE-336 - Same Seed in Pseudo-Random Number Generator (PRNG)
- MITRE, CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
- CERT, MSC63J. - Ensure that SecureRandom is properly seeded
Attachments
Issue Links
- is implemented by
-
SONARJAVA-2571 Rule S4347: "SecureRandom" seeds should not be predictable
-
- Closed
-
- is related to
-
- Active