CWE-340

Generation of Predictable Numbers or Identifiers

Class

Incomplete

Description

The product uses a scheme that generates numbers or identifiers that are more predictable than required.

Parent Weaknesses (ChildOf)

CWE-330: Use of Insufficiently Random V...

Related Weaknesses

CWE-384 (CanPrecede)

Common Consequences

Scope

Other

Impact

Varies by Context

CVE-2022-29330

Product for administering PBX systems uses predictable identifiers and timestamps for filenames (CWE-340) which allows attackers to access files via direct request (CWE-425).

CVE-2001-1141

PRNG allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.

CVE-1999-0074

Listening TCP ports are sequentially allocated, allowing spoofing attacks.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-340

Generation of Predictable Numbers or Identifiers

Description

Relationships

Common Consequences

Related CVEs

Applicable Platforms