Adding Membership.GeneratePassword() as a bad source of random data because of the bias.

Raul Garcia (MSFT)
2021-08-04 17:12:00 -07:00
parent 6a09a5667d
commit 8544356f90
2 changed files with 7 additions and 1 deletions


@@ -15,7 +15,7 @@ string GeneratePassword()
password = "mypassword" + BitConverter.ToInt32(randomBytes);
}
// GOOD: Password is generated using a cryptographically secure RNG
// BAD: Membership.GeneratePassword is generates a password with a bias
password = Membership.GeneratePassword(12, 3);
return password;
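Review bot: The new comment above `password = Membership.GeneratePassword(12, 3);` has a grammar slip ("is generates") and does not tell the reader what to use instead; suggest `// BAD: Membership.GeneratePassword generates a password with a bias; use a cryptographically secure RNG instead`. Because this assignment is the last one before `return password;`, the sample as shown returns the biased value and overwrites the password built from the secure RNG block above it. A reader who copies the example would end up with the BAD result, so consider moving the BAD cases ahead of the GOOD one or splitting them into separate functions. The body of `GeneratePassword()` starts and ends outside this hunk, so the ordering should be confirmed against the full file.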