Fix for security vulnerability Fixed the vulnerability - Use of cryptographically weak pseudo-random number generator Change-Id: I028798f1740dd9eb68398da6ea610f1000848417 Signed-off-by: jegan <jegan.s@tataelxsi.co.in>

commit: 804b359985dc7372419b66a34904124525f1a3d3 [log] [tgz]
author: jegan <jegan.s@tataelxsi.co.in> Mon Jun 30 12:40:50 2025 +0530
committer: garciadeblas <gerardo.garciadeblas@telefonica.com> Thu Jul 03 17:13:06 2025 +0200
tree: 350cdc3a9a753bcfe468884411d768c781d66824
parent: d8c3d8e403336a049e239bdc3239b16d5bdfe32a [diff]
diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py
index fe86f16..9daa3fd 100644
--- a/osm_nbi/authconn_internal.py
+++ b/osm_nbi/authconn_internal.py

@@ -33,7 +33,6 @@
 import logging
 import re
 import secrets
-
 from osm_nbi.authconn import (
     Authconn,
     AuthException,
@@ -52,7 +51,6 @@
 from http import HTTPStatus
 from uuid import uuid4
 from copy import deepcopy
-from random import choice as random_choice
 import smtplib
 from email.message import EmailMessage
 from email.mime.text import MIMEText
@@ -917,7 +915,7 @@
         )
 
     def generate_otp(self):
-        otp = "".join(random_choice("0123456789") for i in range(0, 4))
+        otp = "".join(str(secrets.randbelow(10)) for i in range(0, 4))
         return otp
 
     def send_email(self, indata):
commit	804b359985dc7372419b66a34904124525f1a3d3	[log] [tgz]
author	jegan <jegan.s@tataelxsi.co.in>	Mon Jun 30 12:40:50 2025 +0530
committer	garciadeblas <gerardo.garciadeblas@telefonica.com>	Thu Jul 03 17:13:06 2025 +0200
tree	350cdc3a9a753bcfe468884411d768c781d66824
parent	d8c3d8e403336a049e239bdc3239b16d5bdfe32a [diff]