OpenID Client Auto-Generated Password Is Not Cryptographically Strong #1106
The generated OpenID password doesn't contain any special chars, and the implementation uses java.util.Random, which is not strong for password generation.
Steps to reproduce:
The password contains upper and lower case chars, and numbers.
The code that generates the password: org.gluu.oxtrust.action.UpdateClientAction#generatePassword
What we should have (not working, just POC):