The software may use insufficiently random numbers or values in a security context that depends on unpredictable numbers.When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.
1. java.security.SecureRandom should be used instead of java.util.Random
2.Use Cryptographically secure generators that are strongly believed to be very difficult to predict.
ex : var rand10 = Math.random().toString().substr(2, 10);
this.boundary = '------RWWorkerFormDataBoundary' + Math.random().toString(36); Math.random() code traced
in \lib\web\FormData.js (Line:46) and few other vendor files.
CWE Code : CWE-676