Java Snippet #02

This challenge covers the review of a snippet of code written in Java.

PRO Tier | Medium | < 1 Hr. | 1002 | Course


The Code Review Snippet challenges provide small snippets of vulnerable code for you to analyze and identify issues. In this challenge, we focus on a Java class named `Otp` that generates one-time passwords (OTPs). The class uses the `Random` class from `java.util` to generate a four-digit OTP by appending random digits in a loop.

The key issue with this approach is that `java.util.Random` is not a cryptographically secure generator, so the OTPs it produces are predictable. In addition, the `Random` object is a static field that is reused across calls, so consecutive OTPs come from one continuous state: if the generator's internal state becomes known, earlier and later OTPs follow from it. The combination of a weak random generator and shared static state therefore allows an attacker to predict previous or future OTPs.
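As an added illustration (not the challenge's own snippet), the pattern described above is shown beside a hardened `SecureRandom` version, together with a small check of why `java.util.Random` output is fully seed-determined; the nested `WeakOtp`/`StrongOtp` classes and the `weakOtpsAreDeterministic` method are assumptions for this example, not names from the challenge code:

```java
import java.security.SecureRandom;
import java.util.Random;

public class OtpDemo {
    // Vulnerable pattern as described in the challenge (assumed layout): a
    // shared static java.util.Random, a 48-bit linear congruential generator,
    // whose state carries over from one OTP to the next.
    static class WeakOtp {
        private static final Random RANDOM = new Random();
        static String generate() {
            StringBuilder otp = new StringBuilder();
            for (int i = 0; i < 4; i++) {
                otp.append(RANDOM.nextInt(10));
            }
            return otp.toString();
        }
    }

    // Hardened version: SecureRandom is backed by the platform CSPRNG, and the
    // whole code is drawn uniformly from [0, 10^digits) in a single call.
    static class StrongOtp {
        private static final SecureRandom RANDOM = new SecureRandom();
        static String generate(int digits) {
            int bound = (int) Math.pow(10, digits);
            // %0Nd keeps leading zeros, so "0042" is as likely as "9999"
            return String.format("%0" + digits + "d", RANDOM.nextInt(bound));
        }
    }

    // Why java.util.Random is unsuitable: its output is a pure function of its
    // seed, so two generators with the same seed yield the same OTP sequence.
    static boolean weakOtpsAreDeterministic(long seed) {
        Random a = new Random(seed);
        Random b = new Random(seed);
        for (int i = 0; i < 5; i++) {
            if (a.nextInt(10000) != b.nextInt(10000)) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        System.out.println("weak OTP:   " + WeakOtp.generate());
        System.out.println("strong OTP: " + StrongOtp.generate(4));
        System.out.println("same seed -> same OTPs: " + weakOtpsAreDeterministic(42L));
    }
}
```

A four-digit code drawn from a CSPRNG still has only 10,000 possibilities, so the generator fix should be paired with a short expiry and attempt limiting on the verification side.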
