React: Insecure Randomness (Security Features, Structural)

Hello Team,

We use React 0.14.7 in one of our projects and we recently did a security analysis of our product for an important change. As part of the analysis ( particularly Fortify scan ), we came across an issue which is related to React framework itself. The reported issue is Insecure Randomness - _Standard pseudorandom number generators cannot withstand cryptographic attacks._ which has been raised because of the usage of Math.random() in the framework.

Pasting actual content from the Fortify report.

Abstract

Standard pseudorandom number generators cannot withstand cryptographic attacks.

Explanation

Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. Computers are deterministic machines, and as such are unable to produce true randomness. Pseudorandom Number Generators (PRNGs) approximate randomness algorithmically, starting with a seed from which subsequent values are calculated. There are two types of PRNGs: statistical and cryptographic.
Statistical PRNGs provide useful statistical properties, but their output is highly predictable and form an easy to reproduce numeric stream that is unsuitable for use in cases where security depends on generated values being unpredictable. Cryptographic PRNGs address this problem by generating output that is more difficult to predict. For a value to be cryptographically secure, it must be impossible or highly improbable for an attacker to distinguish between the generated random value and a truly random value. In general, if a PRNG algorithm is not advertised as
being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts, where its use can lead to serious vulnerabilities such as easy-to-guess temporary passwords, predictable cryptographic keys, session hijacking, and DNS spoofing. Example: The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.
function genReceiptURL (baseURL){
var randNum = Math.random();
var receiptURL = baseURL + randNum + ".html";
return receiptURL;
}
This code uses the Math.random() function to generate "unique" identifiers for the receipt pages it generates. Since Math.random() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG.

Recommendation

When unpredictability is critical, as is the case with most security-sensitive uses of randomness, use a cryptographic PRNG. Regardless of the PRNG you choose, always use a value with sufficient entropy to seed the algorithm. (Do not use values such as the current time because it offers only negligible entropy.) In JavaScript, the typical recommendation is to use the indow.crypto.random() function in the Mozilla API. However, this method does not work in many browsers, including more recent versions of Mozilla Firefox. There is currently no crossbrowser solution for a robust cryptographic PRNG. In the meantime, consider handling any PRNG functionality outside of JavaScript.

And our security analysis team advised us to upgrade to the latest version ( 16.x ) of React. But even the latest version of the framework has few usages of Math.random() in it.

What should we do now? Please advise if we can live with this issue reported by Fortify scan.

P.S: The Fortify Engine version used for the scan is 18.20.1071.
And adding one of the issues reported in Fortify scan for reference.

Issue Details

Kingdom: Security Features
Scan Engine: SCA (Structural)

Sink Details

Sink: FunctionPointerCall
Enclosing Method: createReactRootIndex()
File: /scripts/react/react-0.14.7.js:14206
Taint Flags:
14203
14204 var ServerReactRootIndex = {
14205 createReactRootIndex: function () {
14206 return Math.ceil(Math.random() * GLOBAL_MOUNT_POINT_MAX);
14207 }
14208 };
14209

Thanks,
Jey