rspec/rules/S2245/description.adoc

Using pseudorandom number generators (PRNGs) is security-sensitive. For example, it has led in the past to the following vulnerabilities:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386[CVE-2013-6386]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419[CVE-2006-3419]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102[CVE-2008-4102]

When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`Using pseudorandom number generators (PRNGs) is security-sensitive. For example, it has led in the past to the following vulnerabilities:`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386[CVE-2013-6386]`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3419[CVE-2006-3419]`
			`* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4102[CVE-2008-4102]`

			`When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.`