...
This can lead to security threat since, after the first run, an attacker will know the sequence to be generated.
Noncompliant Code Example
The following code generates a sequence of 10 pseudorandom numbers. No matter how many times this code is executed, it always produces the same sequence.
| Code Block |
|---|
for (int i=0; i<10; i++)
{
 cout<<rand()<<endl; /* Always generates the same sequence */
}
|
Compliant Solution
Use srand() before rand() to seed the random sequence generated by rand().
| Code Block |
|---|
srand(time(NULL)); /* Create seed based on current time */
for (int i=0; i<10; i++)
{
 cout<<rand()<<endl; /* Generates different sequences at different runs */
}
|
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC18-C |
| likely |
|
|
|
Automated Detection
TODO
Related Vulnerabilities
TODO
Other Languages
This recommendation appears in the C Secure Coding Standard as MSC18C. Use srand() before rand() to generate different sequences of pseudorandom numbers.
References
C++Reference