The random number generator implemented by 'new Random()' cannot withstand a cryptographic attack.Standard pseudorandom number generators cannot withstand cryptographic attacks.

ruoyi-auth/ruoyi-auth-common/src/main/java/com/ruoyi/auth/common/utils/RandomCodeUtil.java

@@ -1,12 +1,12 @@
 package com.ruoyi.auth.common.utils;
 
-import java.util.Random;
+import java.security.SecureRandom;
 
 public class RandomCodeUtil {
 
     public static String randomString(String characters, int length) {
         StringBuilder result = new StringBuilder();
-        Random random = new Random();
+        SecureRandom  random = new SecureRandom();
 
         for (int i = 0; i < length; i++) {
             int index = random.nextInt(characters.length());

ruoyi-framework/src/main/java/com/ruoyi/framework/config/KaptchaTextCreator.java

@@ -1,6 +1,7 @@
 package com.ruoyi.framework.config;
 
-import java.util.Random;
+import java.security.SecureRandom;
+
 import com.google.code.kaptcha.text.impl.DefaultTextCreator;
 
 /**
@@ -16,7 +17,7 @@ public class KaptchaTextCreator extends DefaultTextCreator
     public String getText()
     {
         Integer result = 0;
-        Random random = new Random();
+        SecureRandom random = new SecureRandom();
         int x = random.nextInt(10);
         int y = random.nextInt(10);
         StringBuilder suChinese = new StringBuilder();