
CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)) — Vulnerability Class 72

72 vulnerabilities classified as CWE-338 (Use of Cryptographically Weak PRNG). AI Chinese analysis included.

CWE-338 represents a critical implementation flaw where software employs a pseudo-random number generator unsuitable for security-sensitive applications. This weakness arises when developers utilize standard, non-cryptographic algorithms for tasks requiring high entropy, such as generating session tokens, encryption keys, or initialization vectors. Attackers typically exploit this vulnerability by analyzing the predictable output patterns of the weak generator, allowing them to reverse-engineer internal states or guess future values with minimal computational effort. Such predictability undermines the confidentiality and integrity of cryptographic systems, enabling unauthorized access or data forgery. To mitigate this risk, developers must strictly adhere to security best practices by integrating vetted, cryptographically secure random number generators provided by established libraries. These specialized algorithms are designed to resist statistical analysis and ensure that generated values remain unpredictable even if partial outputs are observed, thereby maintaining robust security postures.

MITRE CWE Description
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks. Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.
Common Consequences (1)
Scope: Access Control. Impact: Bypass Protection Mechanism.
If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality.
Mitigations (1)
Phase: Implementation. Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CryptGenRandom on Windows, or hw_rand() on Linux.
Examples (1)
Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number:

Bad · Java
    Random random = new Random(System.currentTimeMillis());
    int accountID = random.nextInt();

Bad · C
    srand(time(NULL));
    int randNum = rand();
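As an added illustration (not code from this page or from MITRE), the clock-seeded pattern of the "Bad · C" example above is placed next to a replacement that reads the kernel CSPRNG and fails closed; TOKEN_LEN, the function names and the /dev/urandom path are this example's own assumptions. It also shows the check a reviewer can run: re-seeding with the same clock value reproduces the same token, which is why the examples above are predictable, and the hardened reader refuses to issue a token rather than falling back to a weak or constant value when its source is unavailable (the failure mode behind entries such as CVE-2025-66630 in the table below).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not from the page or MITRE). TOKEN_LEN and the
 * /dev/urandom path are this example's own assumptions. */
#define TOKEN_LEN 16

/* Weak (CWE-338): every byte is a pure function of a 32-bit seed that
 * is just the clock value at issue time, i.e. srand(time(NULL)). */
void weak_token(uint32_t clock_seed, unsigned char out[TOKEN_LEN]) {
    srand(clock_seed);
    for (int i = 0; i < TOKEN_LEN; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* Hardened: read the kernel CSPRNG and fail closed. Returns 1 on success,
 * 0 if the source cannot be opened or the read is short; on 0 the buffer
 * is zeroed and the caller must issue no token, never a weak fallback. */
int secure_token(unsigned char out[TOKEN_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return 0;
    size_t got = fread(out, 1, TOKEN_LEN, f);
    fclose(f);
    if (got != TOKEN_LEN) {
        memset(out, 0, TOKEN_LEN);
        return 0;
    }
    return 1;
}

/* Reviewer's check: the same seed reproduces the same token (returns 1),
 * which is the CWE-338 finding for a clock-seeded generator. */
int weak_is_reproducible(uint32_t clock_seed) {
    unsigned char a[TOKEN_LEN], b[TOKEN_LEN];
    weak_token(clock_seed, a);
    weak_token(clock_seed, b);
    return memcmp(a, b, TOKEN_LEN) == 0;
}

/* Two fresh CSPRNG tokens must differ (returns 1 only if both reads succeed). */
int secure_tokens_differ(void) {
    unsigned char a[TOKEN_LEN], b[TOKEN_LEN];
    if (!secure_token(a) || !secure_token(b))
        return 0;
    return memcmp(a, b, TOKEN_LEN) != 0;
}
```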
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-6659 | Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts | Crypt::PasswdMD5 | - | - | 2026-05-08
CVE-2026-41505 | RELATE: Predictable Token Generation in auth.py and exam.py | relate | 8.7 | High | 2026-05-07
CVE-2026-40514 | SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG | SmarterMail | 5.9 | Medium | 2026-04-27
CVE-2026-5088 | Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts | Apache::API::Password | 9.1 | - | 2026-04-15
CVE-2026-25726 | Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding) | cloudreve | 8.1 | High | 2026-04-03
CVE-2026-5087 | PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely | PAGI::Middleware::Session::Store::Cookie | 7.5 (AI) | High (AI) | 2026-03-31
CVE-2025-15618 | Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key | Business::OnlinePayment::StoredTransaction | 7.5 (AI) | High (AI) | 2026-03-31
CVE-2024-57854 | Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator | Net::NSCA::Client | 9.1 | - | 2026-03-05
CVE-2024-58041 | Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions | Smolder | 9.1 (AI) | Critical (AI) | 2026-02-23
CVE-2025-15578 | Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely | Maypole | 7.5 (AI) | High (AI) | 2026-02-16
CVE-2025-40905 | WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions | WWW::OAuth | 7.5 (AI) | High (AI) | 2026-02-12
CVE-2025-66630 | Fiber insecurely falls back in utils.UUIDv4() / utils.UUID(): predictable / zero-UUID on crypto/rand failure | fiber | 9.1 (AI) | Critical (AI) | 2026-02-09
CVE-2025-69217 | Coturn has unsafe nonce and relay port randomization due to weak random number generation | coturn | 7.7 | High | 2025-12-30
CVE-2025-68932 | FreshRSS has weak cryptographic randomness in remember-me token and nonce generation | FreshRSS | 9.8 | - | 2025-12-26
CVE-2025-26379 | Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG use of Cryptographically Weak Pseudo-Random Number Generator | IQ Panels2, 2+, IQHub, IQPanel 4, PowerG | 8.2 (AI) | High (AI) | 2025-12-22
CVE-2025-59390 | Apache Druid: Kerberos authentication chooses a cryptographically insecure secret if not configured explicitly | Apache Druid | 9.8 (AI) | Critical (AI) | 2025-11-26
CVE-2025-41731 | Jumo: Insufficient entropy in PRNG may lead to root access | variTRON300 | 7.4 | High | 2025-11-10
CVE-2024-58040 | Crypt::RandomEncryption for Perl uses insecure rand() function during encryption | Crypt::RandomEncryption | 7.5 (AI) | High (AI) | 2025-09-29
CVE-2025-54883 | Vision UI's security-kit contains Cryptographic Weakness | Vision-ui | 7.5 (AI) | High (AI) | 2025-08-05
CVE-2025-40916 | Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha text | Mojolicious::Plugin::CaptchaPNG | 5.3 (AI) | Medium (AI) | 2025-06-16
CVE-2025-40915 | Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens | Mojolicious::Plugin::CSRF | 8.1 (AI) | High (AI) | 2025-06-11
CVE-2024-58135 | Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default | Mojolicious | 7.5 (AI) | High (AI) | 2025-05-03
CVE-2025-46653 | formidable security feature issue vulnerability | Formidable | 3.1 | Low | 2025-04-26
CVE-2025-3495 | COMMGR - Insufficient Randomization Authentication Bypass | COMMGR | 9.8 | Critical | 2025-04-16
CVE-2025-2814 | Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions | Crypt::CBC | 9.8 (AI) | Critical (AI) | 2025-04-12
CVE-2024-56370 | Net::Xero 0.044 and earlier for Perl uses insecure rand() function for cryptographic functions | Net::Xero | 9.1 (AI) | Critical (AI) | 2025-04-05
CVE-2024-52322 | WebService::Xero 0.11 for Perl uses insecure rand() function for cryptographic functions | WebService::Xero | 9.1 (AI) | Critical (AI) | 2025-04-05
CVE-2024-57835 | Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions | Amon2::Auth::Site::LINE | 7.5 (AI) | High (AI) | 2025-04-05
CVE-2024-58036 | Net::Dropbox::API 1.9 and earlier for Perl uses insecure rand() function for cryptographic functions | Net::Dropbox::API | 9.1 (AI) | Critical (AI) | 2025-04-05
CVE-2024-57868 | Web::API 2.8 and earlier for Perl uses insecure rand() function for cryptographic functions | Web::API | 9.1 (AI) | Critical (AI) | 2025-04-05

Values marked (AI) carry the page's AI tag; "-" means the page gives no value.

Vulnerabilities classified as CWE-338 (Use of Cryptographically Weak PRNG) represent 72 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.