Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
383 views
in Technique[技术] by (71.8m points)

sessionid - Session Management: Insufficient Session ID Entropy

The session ID variables in my endpoint are predictable and it shows vulnerability "Insufficient Session ID Entropy" in the scan result. I would like to ask if these variables can be modified?

Also, the suggested fix is to ensure that the session ID must be properly generated by using a cryptographically secure pseudorandom number generator (PRNG). Can you suggest how to apply this fix if this is feasible? Or is there any other way to remediate the vulnerability?

question from:https://stackoverflow.com/questions/66057354/session-management-insufficient-session-id-entropy

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...