Using pseudorandom number generator (PRNG) is not secure since it generates a predictable sequence. This can be exploited to bypass authentication and hijack the user’s session, as well as to carry out the DNS cache poisoning attack.

PRNGs generate number sequences based on the initial seed value. There are two types of PRNG: statistical and cryptographic. Statistical PRNGs generate predictable sequences, which are similar to random according to the statistical characteristics. They must not be used for security purposes. The result of the cryptographic PRNG, on the contrary, is impossible to predict if the seed value is derived from a source with high entropy. The value of the current time has a small entropy and is also insecure as a seed.

C-sharp : Setting manipulation

DerScanner Severity Score

Do you want to fix C-sharp : Setting manipulation in your application?

See also