Use of Insufficiently Random Values
| Property | Value |
|---|---|
| Language | Python |
| Severity | |
| CWE | CWE-330: Use of Insufficiently Random Values |
| OWASP | A02:2021 - Cryptographic Failures |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Generating UUIDs with uuid.uuid1() derives the identifier from predictable system information: the host's 48-bit node (normally its MAC address), a 60-bit timestamp and a 14-bit clock sequence. An observer who sees one such UUID can recover the node and narrow the timestamp, so further values are guessable and the identifiers are unsuitable for security-sensitive uses such as session tokens, password-reset links or other secrets.
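As an added example (not part of the original rule text), the following Python shows the structure that makes uuid1() values predictable, a defensive check that flags version-1 identifiers, and uuid.uuid4() as the replacement; all function names are illustrative.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Offset between the RFC 4122 epoch (1582-10-15) and the Unix epoch,
# in 100-nanosecond ticks, as used by the uuid1 time field.
_UUID_EPOCH_TICKS = 0x01B21DD213814000


def uuid1_structure(count: int = 5) -> dict:
    """Generate a few uuid1() values and expose why they are guessable:
    every value carries the same 48-bit node and a monotonically
    increasing 60-bit timestamp, so later values follow from earlier ones."""
    ids = [uuid.uuid1() for _ in range(count)]
    nodes = {u.node for u in ids}
    times = [u.time for u in ids]
    return {
        "versions": {u.version for u in ids},
        "shared_node": len(nodes) == 1,
        "node_hex": f"{next(iter(nodes)):012x}",
        "time_monotonic": all(a <= b for a, b in zip(times, times[1:])),
    }


def uuid1_timestamp(value) -> datetime:
    """Recover the wall-clock time embedded in a version-1 UUID (what an
    observer learns from a single leaked identifier)."""
    u = uuid.UUID(str(value))
    if u.version != 1:
        raise ValueError("not a time-based (version 1) UUID")
    unix_ticks = u.time - _UUID_EPOCH_TICKS          # 100 ns units since 1970
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=unix_ticks // 10)


def is_predictable_uuid(value) -> bool:
    """Defensive check for incoming identifiers: version 1 means the
    time/MAC-based layout and must not be trusted as a secret."""
    return uuid.UUID(str(value)).version == 1


def new_token() -> uuid.UUID:
    """Hardened form: uuid4() fills 122 bits from os.urandom, so the value
    carries no host or time information and cannot be extrapolated."""
    return uuid.uuid4()
```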
Impact
An attacker who can predict or forge UUIDs may access or manipulate the data tied to those identifiers, leading to unauthorized access, data leaks, or replay attacks. A version-1 UUID also discloses the generating host's MAC address and the time of creation. This undermines the integrity and confidentiality of your application's data.