CWE-334
Small Space of Random Values
Description
The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Bypass Protection Mechanism, Other
Potential Mitigations
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CVE-2002-0583: Product uses 5 alphanumeric characters for filenames of expense claim reports, stored under web root.
CVE-2002-0903: Product uses small number of random numbers for a code to approve an action, and also uses predictable new user IDs, allowing attackers to hijack new accounts.
CVE-2003-1230: SYN cookies implementation only uses 32-bit keys, making it easier to brute force ISN.
CVE-2004-0230: Complex predictability / randomness (reduced space).
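The following Python is an added example, not part of the CWE entry or any of the products it cites. It quantifies the weakness in the description and in CVE-2002-0583 (a 5-character alphanumeric name) and shows the hardened form the mitigation points to: the value space, its size in bits, the worst-case enumeration time at an assumed guess rate, and a review check against a 128-bit floor. The 62-symbol alphabet, the 128-bit threshold and the 10,000 guesses/s rate are assumptions for illustration; the point it makes is that a token can be drawn from a perfectly good CSPRNG and still be CWE-334, because the space it is drawn from is too small.

```python
import itertools
import math
import secrets
import string

# Assumed alphabet for the weak scheme: 62 alphanumeric symbols
# (CVE-2002-0583 does not state its exact character set).
ALPHANUMERIC = string.ascii_letters + string.digits


def value_space(alphabet_size: int, length: int) -> int:
    """Number of distinct values a token of `length` symbols from an alphabet of `alphabet_size` can take."""
    return alphabet_size ** length


def space_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a token drawn uniformly from that space (log2 of the space size)."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to enumerate the whole space at a given guess rate;
    a single target is hit on average after half of this."""
    return value_space(alphabet_size, length) / guesses_per_second


def is_adequate(alphabet_size: int, length: int, min_bits: int = 128) -> bool:
    """Review check for a token format. 128 bits is the assumed floor for
    identifiers that must be unguessable (session ids, approval codes, report names)."""
    return space_bits(alphabet_size, length) >= min_bits


def weak_token(length: int = 5) -> str:
    """Weak format: 5 alphanumeric characters, the pattern in CVE-2002-0583.
    Each draw is unpredictable (OS CSPRNG), but the space is only 62**5 = 916,132,832
    values (about 29.8 bits). That is CWE-334: the generator is fine, the space is too small."""
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


def strong_token(nbytes: int = 16) -> str:
    """Hardened format: 16 bytes (128 bits) from the OS CSPRNG, URL-safe base64 (22 characters)."""
    return secrets.token_urlsafe(nbytes)


def guesses_to_find(target: str, length: int) -> int:
    """Enumerate the alphanumeric space in order and count the guesses needed to reach `target`.
    Used only on tiny lengths here, to show that the cost of exhausting a space is exactly its size."""
    for n, candidate in enumerate(itertools.product(ALPHANUMERIC, repeat=length), start=1):
        if "".join(candidate) == target:
            return n
    raise ValueError("target is not in the space")


if __name__ == "__main__":
    print(f"5 alphanumerics: {value_space(62, 5):,} values, {space_bits(62, 5):.1f} bits, adequate={is_adequate(62, 5)}")
    print(f"  full enumeration at an assumed 10,000 guesses/s: {seconds_to_exhaust(62, 5, 1e4) / 3600:.1f} hours")
    print(f"16 random bytes: {space_bits(256, 16):.0f} bits, adequate={is_adequate(256, 16)}")
    print("weak:  ", weak_token())
    print("strong:", strong_token())
    print("guesses to reach the 2-character token '99':", guesses_to_find("99", 2))
```

The check worth carrying into code review is `is_adequate`: it looks only at alphabet size and length, which is all CWE-334 is about, and it flags a 5-character alphanumeric name regardless of how well the characters were chosen. `guesses_to_find` is kept to two characters (3,844 values) so it finishes instantly; the same loop over the 5-character space would just run 62**5 iterations, which is the whole point.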
Applicable Platforms