CWE-330
Use of Insufficiently Random Values
Description
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Common Consequences
Impact: Other
Impact: Bypass Protection Mechanism, Other
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity
Potential Mitigations
Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds. In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts. Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
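The distinction the mitigations draw between a statistical PRNG and a cryptographically secure one, as an added example (not part of the CWE entry): a token built from Python's Mersenne Twister seeded with a guessable value is fully reproducible from that seed, and its effective entropy is capped by the seed space, whereas a token from the OS CSPRNG via the secrets module carries the full 256 bits. The seed value and the one-day seed window are constructed for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols

def weak_token(seed: int, length: int = 32) -> str:
    """Token from Python's Mersenne Twister (a statistical PRNG).

    Same pattern as the mt_rand() and time-seeded examples above: the
    output is a pure function of the seed, so a guessable seed means a
    guessable token no matter how long the token looks.
    """
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_token(nbytes: int = 32) -> str:
    """Token from the OS CSPRNG; 32 bytes is the 256-bit baseline."""
    return secrets.token_urlsafe(nbytes)

def effective_entropy_bits(length: int, alphabet_size: int, seed_space: int) -> float:
    """Unpredictability an attacker actually has to search.

    The nominal entropy of the token string is length * log2(alphabet),
    but the generator cannot add unpredictability beyond its seed, so the
    effective figure is the smaller of the two.
    """
    nominal = length * math.log2(alphabet_size)
    seed_bits = math.log2(seed_space)
    return min(nominal, seed_bits)

if __name__ == "__main__":
    # Constructed scenario: a deployment-time seed known to within one day,
    # i.e. 86,400 possible one-second values.
    deploy_seed = 1_700_000_000
    print(weak_token(deploy_seed) == weak_token(deploy_seed))  # True: reproducible
    print(effective_entropy_bits(32, 62, 86_400))              # ~16.4 bits, not ~190
    print(effective_entropy_bits(43, 64, 2**256))              # 256.0 bits
    print(strong_token())                                      # fresh on every call
```

A 16-bit effective keyspace is the "relatively small number of random passwords" situation from the observed examples; the fix is changing the generator, not lengthening the token.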
Observed Examples
CVE-2021-3692: PHP framework uses mt_rand() function (Mersenne Twister) when generating tokens.
CVE-2020-7010: Cloud application on Kubernetes generates passwords using a weak random number generator based on deployment time.
CVE-2009-3278: Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
CVE-2009-3238: Random number generator can repeatedly generate the same value.
CVE-2009-2367: Web application generates predictable session IDs, allowing session hijacking.
CVE-2009-2158: Password recovery utility generates a relatively small number of random passwords, simplifying brute force attacks.
CVE-2009-0255: Cryptographic key created with a seed based on the system time.
CVE-2008-5162: Kernel function does not have a good entropy source just after boot.
CVE-2008-4905: Blogging software uses a hard-coded salt when calculating a password hash.
CVE-2008-4929: Bulletin board application uses insufficiently random names for uploaded files, allowing other users to access private files.