Don't use rand()
mallorydxw opened this issue · 1 comments
mallorydxw commented
Bug is here:
otp/src/Otp/GoogleAuthenticator.php
Line 154 in 7b1c92e
rand() isn't a CSPRNG - even the PHP team caution against treating it as such: http://php.net/rand#refsect1-function.rand-notes
ChristianRiesen commented
Thank you, fixed it now.