Session Management: Insufficient Session ID Entropy

user20201 326 Reputation points
2021-02-04T03:46:13.417+00:00

The session ID variables in my endpoint are predictable and it shows vulnerability "Insufficient Session ID Entropy" in the scan result. I would like to ask if these variables can be modified?

Also, the suggested fix is to ensure that the session ID must be properly generated by using a cryptographically secure pseudorandom number generator (PRNG). Can you suggest how to apply this fix if this is feasible? Or is there any other way to remediate the vulnerability? Thanks in advance.

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,209 questions
0 comments No comments
{count} votes