replace Random with SecureRandom (apache#5966)

Co-authored-by: Daan Hoogland <dahn@onecht.net>

Author: DaanHoogland

server/src/main/java/com/cloud/projects/ProjectManagerImpl.java

@@ -17,10 +17,10 @@
 package com.cloud.projects;
 
 import java.io.UnsupportedEncodingException;
+import java.security.SecureRandom;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import java.util.Random;
 import java.util.TimeZone;
 import java.util.UUID;
 import java.util.concurrent.Executors;
@@ -106,6 +106,8 @@
 public class ProjectManagerImpl extends ManagerBase implements ProjectManager, Configurable {
     public static final Logger s_logger = Logger.getLogger(ProjectManagerImpl.class);
 
+    private static final SecureRandom secureRandom = new SecureRandom();
+
     @Inject
     private DomainDao _domainDao;
     @Inject
@@ -1349,10 +1351,9 @@ private boolean suspendProject(ProjectVO project) throws ConcurrentOperationExce
 
     public static String generateToken(int length) {
         String charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-        Random rand = new Random(System.currentTimeMillis());
         StringBuffer sb = new StringBuffer();
         for (int i = 0; i < length; i++) {
-            int pos = rand.nextInt(charset.length());
+            int pos = secureRandom.nextInt(charset.length());
             sb.append(charset.charAt(pos));
         }
         return sb.toString();