Weak Random Number Generation

Severity
High

The math/rand package provides pseudo-random number generation that is unsuitable for cryptographic or security purposes. Its output is predictable, which can lead to sensitive data exposure. Use crypto/rand instead, as it generates secure random numbers based on system entropy. Using math/rand for key generation, identifiers, or any other sensitive purpose leaves the application vulnerable to statistical attacks that reveal the random values. Proper secure random number generation prevents attackers from predicting those values and using them to access secrets.
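The flagged pattern next to its replacement, as an added example that is not part of the original detector page or the detector's own code. The function names weakToken and secureToken and the seed value are assumptions made for illustration.

```go
package main

import (
	crand "crypto/rand"
	"encoding/hex"
	"fmt"
	mrand "math/rand"
)

// weakToken (hypothetical name) is the pattern this detector flags: a
// security token built from math/rand. The output is a pure function of
// the seed, so the same seed always reproduces the same token.
func weakToken(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = byte(r.Intn(256))
	}
	return hex.EncodeToString(b)
}

// secureToken (hypothetical name) is the compliant form: n bytes read from
// crypto/rand, which is backed by the operating system's entropy source.
func secureToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := crand.Read(b); err != nil {
		// Fail closed: never fall back to math/rand when entropy is unavailable.
		return "", fmt.Errorf("reading system entropy: %w", err)
	}
	return hex.EncodeToString(b), nil
}

func main() {
	const seed = 1700000000 // constructed sample seed, e.g. a timestamp
	fmt.Println("math/rand repeats for equal seeds:",
		weakToken(seed, 16) == weakToken(seed, 16))

	a, err := secureToken(16)
	if err != nil {
		panic(err)
	}
	b, err := secureToken(16)
	if err != nil {
		panic(err)
	}
	fmt.Println("crypto/rand tokens differ:", a != b)
}
```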

Detector ID
go/weak-random-number-generation@v1.0
Category
Common Weakness Enumeration (CWE)