# Weak Password Reset Token

- ID: go-weak-reset-token
- Severity: HIGH
- CWE: Weak Password Recovery (CWE-640)
- Languages: Go

## Description

The password reset token is derived from predictable values such as timestamps or `math/rand` output.

## Remediation

Generate reset tokens using `crypto/rand` with at least 32 bytes of entropy.

```go
import (
	"crypto/rand"
	"encoding/hex"
)

// generateResetToken returns 32 bytes from crypto/rand, hex-encoded (64 characters).
func generateResetToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}
```

Learn more: https://shoulder.dev/learn/go/cwe-640/weak-password-reset-token

## Related Rules

- **Weak Password Reset Token** [HIGH]
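
The following added example (not part of the original rule page) contrasts the pattern described under Description with the Remediation: a token built from `math/rand` seeded with a timestamp is a pure function of that seed, while a `crypto/rand` token is not derived from any guessable input. The function names `weakResetToken` and `strongResetToken` and the seed value are illustrative assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	mrand "math/rand"
	"time"
)

// weakResetToken reproduces the flagged pattern: math/rand seeded with a
// timestamp. The output is a pure function of the seed.
func weakResetToken(seed int64) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, 32)
	for i := range b {
		b[i] = byte(r.Intn(256))
	}
	return hex.EncodeToString(b)
}

// strongResetToken follows the remediation: 32 bytes from crypto/rand.
func strongResetToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

func main() {
	seed := time.Now().Unix() // constructed input: request time used as seed
	fmt.Println("weak token repeats for same seed:", weakResetToken(seed) == weakResetToken(seed))

	a, err := strongResetToken()
	if err != nil {
		panic(err)
	}
	b, err := strongResetToken()
	if err != nil {
		panic(err)
	}
	fmt.Println("strong tokens differ:", a != b, "length:", len(a))
}
```

A unit test that asserts the token generator never returns the same value for a fixed clock or seed is a cheap regression guard against the weak pattern being reintroduced.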