CWE-330
DiscouragedUse of Insufficiently Random Values
Abstraction: Class · Status: Stable
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
445 vulnerabilities reference this CWE, most recent first.
GHSA-CH86-PXR9-J9H9
Vulnerability from github – Published: 2026-04-03 21:31 – Updated: 2026-04-07 14:24Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-9jpj-g8vv-j5mf. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-07T14:24:10Z",
"nvd_published_at": "2026-04-03T21:17:11Z",
"severity": "MODERATE"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-9jpj-g8vv-j5mf. This link is maintained to preserve external references.\n\n### Original Description\nOpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption.",
"id": "GHSA-ch86-pxr9-j9h9",
"modified": "2026-04-07T14:24:10Z",
"published": "2026-04-03T21:31:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-9jpj-g8vv-j5mf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34511"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/a26f4d0f3ef0757db6c6c40277cc06a5de76c52f"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-pkce-verifier-exposure-via-oauth-state-parameter"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter",
"withdrawn": "2026-04-07T14:24:10Z"
}
GHSA-CHFC-5X2P-7FV7
Vulnerability from github – Published: 2024-06-29 15:31 – Updated: 2024-06-29 15:31iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.
{
"affected": [],
"aliases": [
"CVE-2024-25943"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-29T13:15:10Z",
"severity": "HIGH"
},
"details": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.",
"id": "GHSA-chfc-5x2p-7fv7",
"modified": "2024-06-29T15:31:30Z",
"published": "2024-06-29T15:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25943"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CMR8-5W4C-44V8
Vulnerability from github – Published: 2022-09-20 20:45 – Updated: 2022-09-21 19:22Impact
Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. An attacker with access to that same WebAssembly module that calls the affected methods could use the fixed seed to predict random numbers generated by these functions. This information could be used to bypass cryptographic security controls, for example to disclose sensitive data encrypted by functions that use these generators.
Patches
The problem has been fixed in version 0.5.3.
Corrected Math.random and crypto.getRandomValues methods to always use sufficiently random values. The previous versions would use a CSPRNG (cryptographically secure pseudorandom number generator) which we would seed with a random value. However, due to our use of Wizer, the initial value to seed the CSPRNG was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. The new implementations of both Math.random and crypto.getRandomValues do not use a CSPRNG and instead pull random values from WASI (WebAssembly System Interface) libc’s random_get function, which is always a sufficiently random value.
Workarounds
There are no workarounds, you must upgrade to version 0.5.3 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@fastly/js-compute"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.5.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39218"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-335"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-20T20:45:10Z",
"nvd_published_at": "2022-09-20T20:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\n`Math.random` and `crypto.getRandomValues` methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. An attacker with access to that same WebAssembly module that calls the affected methods could use the fixed seed to predict random numbers generated by these functions. This information could be used to bypass cryptographic security controls, for example to disclose sensitive data encrypted by functions that use these generators.\n\n### Patches\n\nThe problem has been fixed in version 0.5.3.\n\nCorrected `Math.random` and `crypto.getRandomValues` methods to always use sufficiently random values. The previous versions would use a CSPRNG (cryptographically secure pseudorandom number generator) which we would seed with a random value. However, due to our use of Wizer, the initial value to seed the CSPRNG was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. The new implementations of both Math.random and `crypto.getRandomValues` do not use a CSPRNG and instead pull random values from WASI (WebAssembly System Interface) libc\u2019s random_get function, which is always a sufficiently random value.\n\n### Workarounds\n\nThere are no workarounds, you must upgrade to version 0.5.3 or later.",
"id": "GHSA-cmr8-5w4c-44v8",
"modified": "2022-09-21T19:22:40Z",
"published": "2022-09-20T20:45:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-cmr8-5w4c-44v8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39218"
},
{
"type": "WEB",
"url": "https://github.com/fastly/js-compute-runtime/commit/65524ffc962644e9fc39f4b368a326b6253912a9"
},
{
"type": "PACKAGE",
"url": "https://github.com/fastly/js-compute-runtime"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Fastly Compute@Edge JS Runtime has fixed random number seed during compilation"
}
GHSA-CP43-CJ42-P4C3
Vulnerability from github – Published: 2022-09-29 00:00 – Updated: 2022-10-01 00:00An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well.
{
"affected": [],
"aliases": [
"CVE-2022-30935"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-28T11:15:00Z",
"severity": "CRITICAL"
},
"details": "An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to get valid sessions for arbitrary users, and optionally reset their password. Tested and confirmed in a default installation of version 7.2.3. Earlier versions are affected, possibly earlier major versions as well.",
"id": "GHSA-cp43-cj42-p4c3",
"modified": "2022-10-01T00:00:24Z",
"published": "2022-09-29T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30935"
},
{
"type": "WEB",
"url": "https://github.com/b2evolution/b2evolution/issues/114"
},
{
"type": "WEB",
"url": "https://b2evolution.net/downloads/7-2-5-stable"
},
{
"type": "WEB",
"url": "https://github.com/b2evolution/b2evolution/blob/master/inc/_core/_misc.funcs.php#L5955"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CQ4Q-CV5G-R8Q5
Vulnerability from github – Published: 2026-06-15 20:44 – Updated: 2026-06-15 20:44Summary
Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers after a source-CID rotation. An on-path attacker observing the headers can use the token to perform a Denial of Service by sending a spoofed Stateless Reset packet.
Details
The sign-based connection ID generator (HmacSignQuicConnectionIdGenerator) and reset token generator (HmacSignQuicResetTokenGenerator) both evaluate HMAC-SHA256 with the same JVM-wide static key (io.netty.handler.codec.quic.Hmac).
During source CID rotation (QuicheQuicChannel.newSourceConnectionIds), the current server source CID C is used as input to produce the next CID N. The stateless reset token for C is defined over HMAC(K, C), specifically the first 16 bytes. The next CID N is the first L bytes of the same digest, where L = |C|.
Whenever L ≥ 16, the first 16 bytes of N are exactly the stateless reset token for C. Because N is carried in QUIC headers as a connection ID, an observer can read the headers and learn the reset token without decrypting the payload.
This directly violates RFC 9000
https://datatracker.ietf.org/doc/html/rfc9000#name-calculating-a-stateless-res: The stateless reset token MUST be difficult to guess.
Additionally https://datatracker.ietf.org/doc/html/rfc9000#name-stateless-reset-oracle
Impact
Information Disclosure and Denial of Service. An on-path attacker can obtain the stateless reset token from the connection ID header and attempt to abruptly close the client side of the connection by sending a spoofed Stateless Reset datagram.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.14.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-classes-quic"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0.Final"
},
{
"fixed": "4.2.15.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-50009"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-15T20:44:20Z",
"nvd_published_at": "2026-06-12T16:16:31Z",
"severity": "MODERATE"
},
"details": "### Summary\nNetty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server\u0027s current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers after a source-CID rotation. An on-path attacker observing the headers can use the token to perform a Denial of Service by sending a spoofed Stateless Reset packet.\n\n### Details\nThe sign-based connection ID generator (HmacSignQuicConnectionIdGenerator) and reset token generator (HmacSignQuicResetTokenGenerator) both evaluate HMAC-SHA256 with the same JVM-wide static key (io.netty.handler.codec.quic.Hmac).\n\nDuring source CID rotation (QuicheQuicChannel.newSourceConnectionIds), the current server source CID C is used as input to produce the next CID N. The stateless reset token for C is defined over HMAC(K, C), specifically the first 16 bytes. The next CID N is the first L bytes of the same digest, where L = |C|.\n\nWhenever L \u2265 16, the first 16 bytes of N are exactly the stateless reset token for C. Because N is carried in QUIC headers as a connection ID, an observer can read the headers and learn the reset token without decrypting the payload.\n\nThis directly violates RFC 9000\nhttps://datatracker.ietf.org/doc/html/rfc9000#name-calculating-a-stateless-res: `The stateless reset token MUST be difficult to guess.`\nAdditionally https://datatracker.ietf.org/doc/html/rfc9000#name-stateless-reset-oracle\n\n### Impact\nInformation Disclosure and Denial of Service. An on-path attacker can obtain the stateless reset token from the connection ID header and attempt to abruptly close the client side of the connection by sending a spoofed Stateless Reset datagram.",
"id": "GHSA-cq4q-cv5g-r8q5",
"modified": "2026-06-15T20:44:20Z",
"published": "2026-06-15T20:44:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cq4q-cv5g-r8q5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50009"
},
{
"type": "PACKAGE",
"url": "https://github.com/netty/netty"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Netty: QUIC stateless reset token material exposed through header-visible connection IDs"
}
GHSA-CQ94-QF6Q-MF2H
Vulnerability from github – Published: 2018-07-16 16:50 – Updated: 2024-10-14 15:36Python package pysaml2 version 4.5.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pysaml2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-1000246"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:32:20Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Python package pysaml2 version 4.5.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.",
"id": "GHSA-cq94-qf6q-mf2h",
"modified": "2024-10-14T15:36:52Z",
"published": "2018-07-16T16:50:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000246"
},
{
"type": "WEB",
"url": "https://github.com/rohe/pysaml2/issues/417"
},
{
"type": "WEB",
"url": "https://github.com/IdentityPython/pysaml2/pull/519/commits/7323f5c20efb59424d853c822e7a26d1aa3e84aa"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pysaml2/PYSEC-2017-26.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/rohe/pysaml2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Pysaml2 improperly initializes encryption vector"
}
GHSA-CQJ4-PH2F-7Q79
Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
{
"affected": [],
"aliases": [
"CVE-2017-0897"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-22T21:29:00Z",
"severity": "HIGH"
},
"details": "ExpressionEngine version 2.x \u003c 2.11.8 and version 3.x \u003c 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.",
"id": "GHSA-cqj4-ph2f-7q79",
"modified": "2022-05-13T01:38:26Z",
"published": "2022-05-13T01:38:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0897"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/215890"
},
{
"type": "WEB",
"url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-5-5"
},
{
"type": "WEB",
"url": "https://docs.expressionengine.com/v2/about/changelog.html#version-2-11-8"
},
{
"type": "WEB",
"url": "https://expressionengine.com/blog/expressionengine-3.5.5-and-2.11.8-released"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99242"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CRJP-2PP7-RCHG
Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-19 00:01The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.
{
"affected": [],
"aliases": [
"CVE-2022-27577"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-11T20:15:00Z",
"severity": "CRITICAL"
},
"details": "The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.",
"id": "GHSA-crjp-2pp7-rchg",
"modified": "2022-04-19T00:01:13Z",
"published": "2022-04-12T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27577"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CWXP-H4PJ-WVP5
Vulnerability from github – Published: 2023-07-06 19:24 – Updated: 2024-04-04 05:34Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.
{
"affected": [],
"aliases": [
"CVE-2022-26080"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-16T13:15:00Z",
"severity": "MODERATE"
},
"details": "Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) \u2013 comcode 150047415.",
"id": "GHSA-cwxp-h4pj-wvp5",
"modified": "2024-04-04T05:34:28Z",
"published": "2023-07-06T19:24:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26080"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108467A6732\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026_ga=2.256117643.1223066510.1678942947-1879524908.1677751217"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F4VP-F6H9-8CX8
Vulnerability from github – Published: 2022-02-17 00:00 – Updated: 2023-06-30 21:30A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.
{
"affected": [],
"aliases": [
"CVE-2021-26726"
],
"database_specific": {
"cwe_ids": [
"CWE-209",
"CWE-326",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-16T16:15:00Z",
"severity": "HIGH"
},
"details": "A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.",
"id": "GHSA-f4vp-f6h9-8cx8",
"modified": "2023-06-30T21:30:18Z",
"published": "2022-02-17T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26726"
},
{
"type": "WEB",
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26726"
},
{
"type": "WEB",
"url": "https://www.valmet.com/about-us/research-and-development/vulnerabilityadvisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.