Details
-
Task
-
Resolution: Works as Designed
-
Critical - P2
-
None
-
None
-
None
-
None
Description
Hi,
We got the below issue when we ran Veracode testing our code.
Insufficient Entropy (CWE ID 331)
Class : BaseCluster.java
line no: 336
We are using mongo-java-driver-3.4.1.jar
As per the issue, it seems standard random number generator has been used when a more secure cryptograpic generator should have been used.
Is this a false positive from Veracode and can it be safely ignored.
If not, can you please let us know if it can be mitigated in java driver code.
Thanks,
lauriep