The session ID variables in my endpoint are predictable, and the scan result shows the vulnerability "Insufficient Session ID Entropy". I would like to ask whether these variables can be modified.
Also, the suggested fix is to ensure that the session ID is properly generated by using a cryptographically secure pseudorandom number generator (PRNG). Can you suggest how to apply this fix, if it is feasible? Or is there any other way to remediate the vulnerability?
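
One way to apply the suggested CSPRNG fix, shown in Python as an added example that is not part of the original question. All function and class names are hypothetical, and the weak generator is a constructed illustration of a predictable scheme, not the asker's actual code.

```python
import secrets
import time

def weak_session_id(counter, now=None):
    # Constructed "before" scheme: hex timestamp + incrementing counter.
    now = int(time.time()) if now is None else now
    return f"{now:x}{counter:06x}"

def strong_session_id(nbytes=32):
    # 32 bytes (256 bits) from the OS CSPRNG, hex-encoded to 64 characters.
    return secrets.token_hex(nbytes)

def looks_sequential(ids):
    # Heuristic: IDs that parse as hex integers with one constant step
    # between consecutive values are predictable. Needs at least 3 samples.
    if len(ids) < 3:
        return False
    try:
        nums = [int(i, 16) for i in ids]
    except ValueError:
        return False
    return len({b - a for a, b in zip(nums, nums[1:])}) == 1

class SessionStore:
    # Hypothetical in-memory server-side store; the ID itself carries no data.
    def __init__(self):
        self._sessions = {}

    def issue(self, user):
        sid = strong_session_id()
        self._sessions[sid] = user
        return sid

    def resolve(self, sid):
        return self._sessions.get(sid)

if __name__ == "__main__":
    weak = [weak_session_id(c, now=1700000000) for c in range(5)]
    strong = [strong_session_id() for _ in range(5)]
    print("weak sequential:", looks_sequential(weak))
    print("strong sequential:", looks_sequential(strong))
```

If the session IDs are produced by a framework or application server rather than by your own code, the equivalent change is normally made in that platform's session configuration instead of in the endpoint.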