From 804b359985dc7372419b66a34904124525f1a3d3 Mon Sep 17 00:00:00 2001
From: jegan <jegan.s@tataelxsi.co.in>
Date: Mon, 30 Jun 2025 12:40:50 +0530
Subject: [PATCH] Fix for security vulnerability

Fixed the vulnerability - Use of cryptographically weak pseudo-random number generator

Change-Id: I028798f1740dd9eb68398da6ea610f1000848417
Signed-off-by: jegan <jegan.s@tataelxsi.co.in>
---
 osm_nbi/authconn_internal.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py
index fe86f16..9daa3fd 100644
--- a/osm_nbi/authconn_internal.py
+++ b/osm_nbi/authconn_internal.py
@@ -33,7 +33,6 @@ __date__ = "$06-jun-2019 11:16:08$"
 import logging
 import re
 import secrets
-
 from osm_nbi.authconn import (
     Authconn,
     AuthException,
@@ -52,7 +51,6 @@ from time import time, sleep
 from http import HTTPStatus
 from uuid import uuid4
 from copy import deepcopy
-from random import choice as random_choice
 import smtplib
 from email.message import EmailMessage
 from email.mime.text import MIMEText
@@ -917,7 +915,7 @@ class AuthconnInternal(Authconn):
         )
 
     def generate_otp(self):
-        otp = "".join(random_choice("0123456789") for i in range(0, 4))
+        otp = "".join(str(secrets.randbelow(10)) for i in range(0, 4))
         return otp
 
     def send_email(self, indata):
-- 
2.25.1