
rand() is not cryptographically secure. You should not rely on it in security-sensitive situations.

http://perldoc.perl.org/functions/rand.html



Agree, but as I said, it also "only generates 7 digits with no UC", which is even worse. My point is simply that you can do this from the command line. And depending on what the purpose of the password is (and how difficult you want it to be), in many cases it fits the purpose.

If I were generating initial passwords for someone's email account, for example, I probably would also leave out digits and letters that are easily confused, like 0 and O, and l and 1, and some other things, which isn't a best practice either but might be appropriate for other reasons.


Can you give a practical example how this can become a problem if I use rand() to generate a password to be used on a website?


Many PRNGs only have 32 bits of state. If someone knows your settings (alphabet chosen and length), the max number of passwords to check is 4 billion.
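An added example (not from the thread) that quantifies the point above: the nominal entropy of a password for a chosen alphabet and length, versus the ceiling imposed by a PRNG with a fixed number of state bits, next to a generator that draws from the OS CSPRNG via Python's `secrets` module and drops the confusable characters mentioned earlier in the thread. The alphabets, the 32-bit state figure and the confusable set are assumptions for illustration.

```python
import math
import secrets
import string

# Constructed alphabets for this example (not from the thread).
FULL_ALPHABET = string.ascii_letters + string.digits  # 62 symbols
# The thread suggests dropping easily confused symbols such as 0/O and l/1;
# the exact set below is an assumption.
CONFUSABLE = set("0O1lI")
READABLE_ALPHABET = "".join(c for c in FULL_ALPHABET if c not in CONFUSABLE)


def nominal_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy if every character were an independent, uniform draw."""
    return length * math.log2(alphabet_size)


def effective_entropy_bits(alphabet_size: int, length: int,
                           prng_state_bits: int) -> float:
    """A PRNG with N bits of state can emit at most 2**N distinct output
    sequences.  Once the alphabet and length are known, the candidate
    space is therefore min(alphabet_size**length, 2**N), however long
    the password looks on paper."""
    nominal = nominal_entropy_bits(alphabet_size, length)
    return min(nominal, float(prng_state_bits))


def generate_password(length: int, alphabet: str = READABLE_ALPHABET) -> str:
    """Generate a password from the OS CSPRNG rather than rand()."""
    if length < 1:
        raise ValueError("length must be positive")
    # secrets.choice is uniform over the alphabet and not seed-bounded.
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # 12 chars over 62 symbols looks like ~71 bits, but a 32-bit-state
    # PRNG caps it at 32; 7 digits with no uppercase is only ~23 bits.
    print(round(nominal_entropy_bits(62, 12), 2),
          effective_entropy_bits(62, 12, 32),
          round(effective_entropy_bits(10, 7, 32), 2))
    print(generate_password(16))
```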



