
CWE-338 (Use of a Cryptographically Weak PRNG) — Vulnerability Class 72

72 vulnerabilities classified as CWE-338 (Use of a Cryptographically Weak PRNG). AI Chinese analysis included.

CWE-338 represents a critical implementation flaw where software employs a pseudo-random number generator unsuitable for security-sensitive applications. This weakness arises when developers utilize standard, non-cryptographic algorithms for tasks requiring high entropy, such as generating session tokens, encryption keys, or initialization vectors. Attackers typically exploit this vulnerability by analyzing the predictable output patterns of the weak generator, allowing them to reverse-engineer internal states or guess future values with minimal computational effort. Such predictability undermines the confidentiality and integrity of cryptographic systems, enabling unauthorized access or data forgery. To mitigate this risk, developers must strictly adhere to security best practices by integrating vetted, cryptographically secure random number generators provided by established libraries. These specialized algorithms are designed to resist statistical analysis and ensure that generated values remain unpredictable even if partial outputs are observed, thereby maintaining robust security postures.

MITRE CWE Description
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks. Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.
Common Consequences (1)
Access Control: Bypass Protection Mechanism
If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality.
Mitigations (1)
Implementation: Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CryptGenRandom on Windows, or hw_rand() on Linux.
Examples (1)
Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number. The seed is a timestamp anyone can approximate, so the "random" account ID is reproducible by whoever guesses the clock value:

Bad · Java
import java.util.Random;            // java.util.Random is a statistical, not cryptographic, generator
Random random = new Random(System.currentTimeMillis());
int accountID = random.nextInt();

Bad · C
#include <stdlib.h>                 /* srand(), rand() */
#include <time.h>                   /* time() */
srand(time(NULL));                  /* seed is the current second: trivially guessable */
int randNum = rand();
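
The same pattern in Python, as an added example that is not part of MITRE's entry: a token drawn from a clock-seeded statistical PRNG (Mersenne Twister here, like java.util.Random it is a deterministic function of its seed) is reproduced by trying every candidate seed within a window around the issue time, while a token from the OS-backed CSPRNG has no seed to guess. The function names, the 32-bit token width and the 300-second window are assumptions for the illustration.

```python
import random
import secrets
import time


def weak_token(seed: int) -> int:
    """Clock-seeded statistical PRNG, the pattern in the Bad examples above.
    random.Random is a Mersenne Twister: for a given integer seed its output
    is fully determined, so the token is a function of the timestamp."""
    rng = random.Random(seed)
    return rng.getrandbits(32)


def recover_seed(token: int, approx_time: int, window: int = 300):
    """Defender's check for the weakness: if the token came from weak_token()
    seeded with a clock value within +/- window seconds of approx_time, this
    finds that seed. Returns the seed, or None if nothing in the window
    reproduces the token (i.e. the generator is not this weak pattern)."""
    for candidate in range(approx_time - window, approx_time + window + 1):
        if weak_token(candidate) == token:
            return candidate
    return None


def strong_token(nbytes: int = 16) -> str:
    """Hardened form: the secrets module draws from the OS CSPRNG (os.urandom),
    so there is no application-chosen seed and no state an observer can
    reconstruct from previously seen tokens."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    issued_at = int(time.time())
    tok = weak_token(issued_at)
    # An observer who knows only roughly when the token was issued needs a
    # few hundred trial seeds to reproduce it.
    print("weak token:", tok, "seed recovered:", recover_seed(tok, issued_at + 7))
    print("strong token:", strong_token())
```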

Vulnerabilities classified as CWE-338 (Use of a Cryptographically Weak PRNG) represent 72 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.