# Weak Random Number Generation for Security

- ID: go-weak-random-number-generation
- Severity: HIGH
- CWE: Weak PRNG (CWE-338)
- Languages: Go

## Description

Flags code that uses `math/rand` to generate security tokens, keys, or session IDs instead of `crypto/rand`. `math/rand` is a deterministic pseudo-random generator and is not suitable for security-sensitive values.

## Detection Message

math/rand used for security-sensitive random values

## Remediation

Use `crypto/rand` for all security-sensitive random values.

```go
import "crypto/rand"

// newToken returns 32 bytes read from the operating system CSPRNG.
func newToken() ([]byte, error) {
	token := make([]byte, 32)
	if _, err := rand.Read(token); err != nil {
		return nil, err
	}
	return token, nil
}
```

Learn more: https://shoulder.dev/learn/go/cwe-338/weak-random

## Related Rules

- **Weak Random Number Generation in Security Context** [HIGH]
- **Insecure Random Number Generation** [MEDIUM]
- **Cryptographically Weak Random Number Generation** [MEDIUM]
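
The pattern this rule flags, shown beside the remediation, as an added example that is not code from the rule's author. `weakToken`, `secureToken` and the seed value are hypothetical names and constructed sample values.

```go
package main

import (
	crand "crypto/rand"
	"encoding/hex"
	"fmt"
	mrand "math/rand"
)

// weakToken mirrors the flagged pattern: a token drawn from math/rand.
// The seed fully determines the output, so the token carries no more
// secrecy than the seed itself (often a timestamp or a default value).
func weakToken(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = byte(r.Intn(256))
	}
	return hex.EncodeToString(b)
}

// secureToken is the remediated form: n bytes from the operating system
// CSPRNG via crypto/rand, with the read error propagated to the caller.
func secureToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := crand.Read(b); err != nil {
		return "", fmt.Errorf("crypto/rand: %w", err)
	}
	return hex.EncodeToString(b), nil
}

func main() {
	const seed = 1700000000 // constructed sample seed
	// Same seed, same token: the two lines printed below are identical.
	fmt.Println("math/rand  run 1:", weakToken(seed, 16))
	fmt.Println("math/rand  run 2:", weakToken(seed, 16))

	a, err := secureToken(32)
	if err != nil {
		panic(err)
	}
	b, err := secureToken(32)
	if err != nil {
		panic(err)
	}
	fmt.Println("crypto/rand a:", a)
	fmt.Println("crypto/rand b:", b)
}
```
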