Java Snippet #02

This challenge covers the review of a snippet of code written in Java

PRO
Tier
Medium
< 1 Hr.
989

Course


The Code Review Snippet challenges provide small snippets of vulnerable code for you to analyze and identify issues. In this challenge, we focus on a Java class named `Otp` that generates one-time passwords (OTPs). The class uses the `Random` class from `java.util` to generate a four-digit OTP by appending random digits in a loop.

A key issue with this approach is that `java.util.Random` is not suitable for cryptographic purposes, making the OTPs predictable. Additionally, the static `Random` object is reused, meaning that consecutive OTPs can potentially be predicted if the internal state of the random generator is known. This combination of a weak random generator and static state reuse exposes the system to security vulnerabilities, allowing attackers to predict previous or future OTPs.

Want to learn more? Get started with PentesterLab Pro! GO PRO