This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 57.00000000000001%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
The session ID variables in my endpoint are predictable and it shows vulnerability "Insufficient Session ID Entropy" in the scan result. I would like to ask if these variables can be modified?
Also, the suggested fix is to ensure that the session ID must be properly generated by using a cryptographically secure pseudorandom number generator (PRNG). Can you suggest how to apply this fix if this is feasible? Or is there any other way to remediate the vulnerability? Thanks in advance.