You are here

Weak Randomness in Apache Commons Lang

Randomness, RNG, PRNG

Apache Commons Lang uses a weak source of randomness to generate random strings in its RandomStringUtils. This leads to predictable randomness, which is severe if the randomness is needed to be unpredictable, e.g. in access tokens.

Airlock Secure Access Hub is not vulnerable: commons lang is used, but RandomStringUtils are not employed to generate random strings.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required