You are here
Weak Randomness in Apache Commons Lang
Submitted on 26. September 2019 - 16:09 by Anonymous (not verified).
Last update on 18. August 2020 - 16:43.
Last update on 18. August 2020 - 16:43.
IDs:
CVE-2019-16303
Keywords:
Randomness, RNG, PRNG
Description:
Apache Commons Lang uses a weak source of randomness to generate random strings in its RandomStringUtils. This leads to predictable randomness, which is severe if the randomness is needed to be unpredictable, e.g. in access tokens.
Airlock Secure Access Hub is not vulnerable: commons lang is used, but RandomStringUtils are not employed to generate random strings.
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
No action required
Reference: