
CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)) — Vulnerability Class 72

72 vulnerabilities classified as CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)). AI Chinese analysis included.

CWE-338 represents a critical implementation flaw where software employs a pseudo-random number generator unsuitable for security-sensitive applications. This weakness arises when developers utilize standard, non-cryptographic algorithms for tasks requiring high entropy, such as generating session tokens, encryption keys, or initialization vectors. Attackers typically exploit this vulnerability by analyzing the predictable output patterns of the weak generator, allowing them to reverse-engineer internal states or guess future values with minimal computational effort. Such predictability undermines the confidentiality and integrity of cryptographic systems, enabling unauthorized access or data forgery. To mitigate this risk, developers must strictly adhere to security best practices by integrating vetted, cryptographically secure random number generators provided by established libraries. These specialized algorithms are designed to resist statistical analysis and ensure that generated values remain unpredictable even if partial outputs are observed, thereby maintaining robust security postures.

MITRE CWE Description
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks. Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality.
Mitigations (1)
Implementation: Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CryptGenRandom on Windows, or hw_rand() on Linux.
Examples (1)
Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number:

Bad · Java
import java.util.Random;
Random random = new Random(System.currentTimeMillis()); int accountID = random.nextInt();

Bad · C
#include <stdlib.h>
#include <time.h>
srand(time(NULL)); int randNum = rand(); /* time() takes a pointer argument; NULL asks only for the return value */
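As an added example (not from MITRE or this page), the same pattern in Python: a password-reset code built from a clock-seeded statistical PRNG beside one drawn from the OS CSPRNG, plus a helper showing why the weak code's effective entropy is bounded by the number of plausible seeds rather than by the code length. All function names and the seed value are constructed for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def weak_reset_code(seed_ms: int, length: int = 8) -> str:
    """BAD (CWE-338): a statistical PRNG (Mersenne Twister) seeded from a
    millisecond timestamp, the Python analogue of the Java/C examples above.
    The code is a pure function of the seed, so equal seeds give equal codes.
    """
    rng = random.Random(seed_ms)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def secure_reset_code(length: int = 8) -> str:
    """GOOD: secrets.choice() reads the OS CSPRNG (getrandom/CryptGenRandom),
    so there is no seed for an observer to narrow down.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def effective_bits(length: int, seed_window: int) -> float:
    """Upper bound on the entropy of a clock-seeded code: it can never exceed
    log2 of the number of distinct seeds an observer must consider
    (seed_window), however long the code is. Compare with secure_bits().
    """
    return min(length * math.log2(len(ALPHABET)), math.log2(seed_window))


def secure_bits(length: int) -> float:
    """Entropy of a code whose every symbol comes from a CSPRNG."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    seed = 1_700_000_000_000  # constructed millisecond timestamp
    print("weak, same seed twice:", weak_reset_code(seed), weak_reset_code(seed))
    print("secure, twice:", secure_reset_code(), secure_reset_code())
    # One hour of millisecond seeds is 3.6 million candidates (~21.8 bits),
    # against ~47.6 bits for an 8-symbol code drawn from a CSPRNG.
    print("bits if the seed is known to the hour: %.1f" % effective_bits(8, 3_600_000))
    print("bits from a CSPRNG: %.1f" % secure_bits(8))
```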
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2025-1805 | Crypt::Salt for Perl uses insecure rand() function when generating salts for cryptographic purposes | Crypt::Salt | 9.1 | - | 2025-04-02
CVE-2025-1860 | Data::Entropy for Perl uses insecure rand() function for cryptographic functions | Data::Entropy | 7.5 | - | 2025-03-28
CVE-2025-27552 | DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Crypt/Eksblowfish/Bcrypt.pm | DBIx::Class::EncodedColumn | 7.5 (AI) | High (AI) | 2025-03-26
CVE-2025-27551 | DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm | DBIx::Class::EncodedColumn | 7.5 (AI) | High (AI) | 2025-03-26
CVE-2021-26091 | Fortinet FortiMail security feature issue vulnerability | FortiMail | 6.9 | High | 2025-03-24
CVE-2025-1796 | Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes in langgenius/dify | langgenius/dify | 8.8 | - | 2025-03-20
CVE-2025-1828 | Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions | Crypt::Random | 7.5 | - | 2025-03-10
CVE-2024-40762 | SonicWALL SonicOS security vulnerability | SonicOS | 9.1 | - | 2025-01-09
CVE-2025-21617 | Guzzle OAuth Subscriber has insufficient nonce entropy | oauth-subscriber | 9.1 | - | 2025-01-06
CVE-2025-22376 | MetaCPAN Net::OAuth security vulnerability | n/a | 9.8 | - | 2025-01-03
CVE-2002-20002 | MetaCPAN Net::EasyTCP security vulnerability | n/a | 5.4 | Medium | 2025-01-02
CVE-2024-56830 | MetaCPAN Net::EasyTCP security vulnerability | n/a | 5.4 | Medium | 2025-01-02
CVE-2018-25107 | Perl security vulnerability | n/a | 8.2 | - | 2024-12-29
CVE-2024-53702 | SonicWALL SMA100 security vulnerability | SMA100 | 7.5 | - | 2024-12-05
CVE-2024-45723 | goTenna Pro ATAK Plugin Use of Cryptographically Weak Pseudo-Random Number Generator | Pro ATAK Plugin | 6.5 | Medium | 2024-09-26
CVE-2024-47126 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in goTenna Pro | Pro | 6.5 | Medium | 2024-09-26
CVE-2024-38353 | CodiMD - Missing Image Access Controls and Unauthorized Image Access | codimd | 5.3 | Medium | 2024-07-10
CVE-2024-29868 | Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation | Apache StreamPipes | 8.1 (AI) | High (AI) | 2024-06-24
CVE-2024-24554 | Bludit - Insecure Token Generation | Bludit | 9.1 (AI) | Critical (AI) | 2024-06-24
CVE-2024-5264 | Network Key Transfer with AES KHT vulnerability in Luna EFT | Luna EFT | 5.9 | Medium | 2024-05-23
CVE-2023-45237 | Use of a Weak PseudoRandom Number Generator in EDK II Network Package | edk2 | 5.3 | Medium | 2024-01-16
CVE-2023-48224 | Cryptographically Weak Generation of One-Time Codes for Identity Verification in ethyca-fides | fides | 8.2 | High | 2023-11-15
CVE-2022-26943 | Weak PRNG entropy source used for authentication challenge generation in Motorola MTM5000 | Mobile Radio | 8.8 | High | 2023-10-19
CVE-2023-32549 | Landscape insecure token generation | Landscape | 6.8 | Medium | 2023-06-06
CVE-2023-2884 | Insecure Randomness in CBOT's Chatbot | Chatbot | 9.8 | Critical | 2023-05-25
CVE-2023-28835 | Insecure randomness for default password in nextcloud | security-advisories | 3.5 | Low | 2023-03-30
CVE-2023-24828 | Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev | onedev | 8.1 | High | 2023-02-07
CVE-2022-23472 | Use of insecure random number generator in Passeo | Passeo | 5.9 | Medium | 2022-12-06
CVE-2022-35255 | Node.js security feature issue vulnerability | Node | 9.1 | - | 2022-12-05
CVE-2022-41210 | SAP Customer Data Cloud security feature issue vulnerability | SAP Customer Data Cloud (Gigya) | 8.2 | - | 2022-10-11

Vulnerabilities classified as CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)) represent 72 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.