lang:

PHP

regex:

uniqid\s?\(

description:

The application uses timestamp-based number generation that is not cryptographically secure, uniqid() is basically sprintf("%x",gettime()).  Carry out a manual check to ensure this is not being used in a process that requires cryptographically secure random or unique numbers.
tags:
insecure weak random
results