=== relates to: S3329

=== relates to: S4347

=== on 16 Jan 2015, 08:54:49 Sébastien Gioria wrote:
This rule should be tag OWASP-Top10. It's part of OWASP Top10 A6-Sensitive_Data_Exposure.


It could bee tag also : 


* CWE Entry 310 on Cryptographic Issues  (\http://cwe.mitre.org/data/definitions/310.html)
* CWE Entry 326 on Weak Encryption (\http://cwe.mitre.org/data/definitions/326.html) 

=== on 19 Jan 2015, 09:04:43 Ann Campbell wrote:
Thanks [~sebastien.gioria]

=== on 27 Jul 2018, 20:50:24 Ann Campbell wrote:
\[~nicolas.harraudeau] where do you expect the issue to be raised? On the ``++rand()++`` call or where the value is used?

=== on 30 Jul 2018, 10:05:05 Nicolas Harraudeau wrote:
\[~ann.campbell.2] On the rand() call. This is a hotspot because we are not yet able to detect if the context is dangerous or not.


We could later detect that an encryption function or a hash is using the generated value, but it would then be classified as a Vulnerability instead of a Hotspot.