CWE-330
DiscouragedUse of Insufficiently Random Values
Abstraction: Class · Status: Stable
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
445 vulnerabilities reference this CWE, most recent first.
GHSA-JQVR-GMGR-WG44
Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-05-24 17:06The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.
{
"affected": [],
"aliases": [
"CVE-2020-7241"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-552"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-20T20:15:00Z",
"severity": "MODERATE"
},
"details": "The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.",
"id": "GHSA-jqvr-gmgr-wg44",
"modified": "2022-05-24T17:06:56Z",
"published": "2022-05-24T17:06:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7241"
},
{
"type": "WEB",
"url": "https://github.com/V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin/blob/master/README.md"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/wp-database-backup/#developers"
},
{
"type": "WEB",
"url": "https://zeroauth.ltd/blog/2020/01/21/analysis-on-cve-2020-7241-misrepresenting-a-security-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JRCG-6C8X-FF3H
Vulnerability from github – Published: 2024-10-23 18:33 – Updated: 2024-10-23 18:33A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating.
This vulnerability is due to insufficient entropy in the authentication process. An attacker could exploit this vulnerability by determining the handle of an authenticating user and using it to terminate their authentication session. A successful exploit could allow the attacker to force a user to restart the authentication process, preventing a legitimate user from establishing remote access VPN sessions.
{
"affected": [],
"aliases": [
"CVE-2024-20331"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-23T17:15:17Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating.\n\nThis vulnerability is due to insufficient entropy in the authentication process. An attacker could exploit this vulnerability by determining the handle of an authenticating user and using it to terminate their authentication session. A successful exploit could allow the attacker to force a user to restart the authentication process, preventing a legitimate user from establishing remote access VPN sessions.",
"id": "GHSA-jrcg-6c8x-ff3h",
"modified": "2024-10-23T18:33:08Z",
"published": "2024-10-23T18:33:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20331"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-vpn-nyH3fhp"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-xss-M446vbEO"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JRQM-V8CV-53WW
Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2024-09-24 15:41Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "matrix-synapse"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.34.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-5885"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-19T20:18:22Z",
"nvd_published_at": "2019-03-21T16:01:00Z",
"severity": "HIGH"
},
"details": "Matrix Synapse before 0.34.0.1, when the `macaroon_secret_key` authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.",
"id": "GHSA-jrqm-v8cv-53ww",
"modified": "2024-09-24T15:41:47Z",
"published": "2022-05-13T01:08:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5885"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/issues/4664"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/pull/4315"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/pull/4373"
},
{
"type": "PACKAGE",
"url": "https://github.com/matrix-org/synapse"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/blob/67f9e5293ea6650b2ec284c0b7503f3f3eade94b/docs/changelogs/CHANGES-pre-1.0.md?plain=1#L460"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2019-187.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/32Y6KD3OAHCG5P33HC2QEX3NUZOSXCGZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMCLO5PUPBA756UKY72PKUWL4RRM4W6K"
},
{
"type": "WEB",
"url": "https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1"
},
{
"type": "WEB",
"url": "https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Matrix Synapse Predictable Secret Key"
}
GHSA-JV4P-MHMP-69VW
Vulnerability from github – Published: 2026-05-05 18:33 – Updated: 2026-05-08 22:20A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently random values. Access to the local network is required for this attack. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "langchain-chatchat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-7847"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T22:20:20Z",
"nvd_published_at": "2026-05-05T17:17:05Z",
"severity": "LOW"
},
"details": "A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently random values. Access to the local network is required for this attack. The attack\u0027s complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-jv4p-mhmp-69vw",
"modified": "2026-05-08T22:20:20Z",
"published": "2026-05-05T18:33:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7847"
},
{
"type": "WEB",
"url": "https://github.com/chatchat-space/Langchain-Chatchat/issues/5464"
},
{
"type": "WEB",
"url": "https://github.com/3em0/cve_repo/blob/main/Langchain-Chatchat/Vuln-3-Predictable-File-ID.md"
},
{
"type": "PACKAGE",
"url": "https://github.com/chatchat-space/Langchain-Chatchat"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/807796"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/361126"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/361126/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Langchain-Chatchat Uses Insufficiently Random Values"
}
GHSA-JVJ5-M3Q2-46QM
Vulnerability from github – Published: 2022-05-05 00:28 – Updated: 2024-04-03 23:54Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness
{
"affected": [],
"aliases": [
"CVE-2013-4102"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-04T15:15:00Z",
"severity": "CRITICAL"
},
"details": "Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness",
"id": "GHSA-jvj5-m3q2-46qm",
"modified": "2024-04-03T23:54:18Z",
"published": "2022-05-05T00:28:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4102"
},
{
"type": "WEB",
"url": "https://tobtu.com/decryptocat.php"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.9443"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2013/07/10/15"
},
{
"type": "WEB",
"url": "https://www.securityfocus.com/bid/61095"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JVR3-H63F-GRQ7
Vulnerability from github – Published: 2026-06-04 09:30 – Updated: 2026-06-04 21:31High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.
{
"affected": [],
"aliases": [
"CVE-2026-50208"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T09:16:29Z",
"severity": "CRITICAL"
},
"details": "High-risk\u00a0TrustAllCerts\u00a0routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.",
"id": "GHSA-jvr3-h63f-grq7",
"modified": "2026-06-04T21:31:21Z",
"published": "2026-06-04T09:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50208"
},
{
"type": "WEB",
"url": "https://community.acer.com/en/kb/articles/19707"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JX25-8RR2-353V
Vulnerability from github – Published: 2022-11-11 19:00 – Updated: 2022-11-16 19:00A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464.
{
"affected": [],
"aliases": [
"CVE-2022-3959"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-11T16:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, has been found in drogon up to 1.8.1. Affected by this issue is some unknown functionality of the component Session Hash Handler. The manipulation leads to small space of random values. The attack may be launched remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is c0d48da99f66aaada17bcd28b07741cac8697647. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213464.",
"id": "GHSA-jx25-8rr2-353v",
"modified": "2022-11-16T19:00:31Z",
"published": "2022-11-11T19:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3959"
},
{
"type": "WEB",
"url": "https://github.com/drogonframework/drogon/pull/1433"
},
{
"type": "WEB",
"url": "https://github.com/drogonframework/drogon/commit/c0d48da99f66aaada17bcd28b07741cac8697647"
},
{
"type": "WEB",
"url": "https://github.com/drogonframework/drogon/releases/tag/v1.8.2"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.213464"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-JX9R-9M63-C2RC
Vulnerability from github – Published: 2024-04-09 21:31 – Updated: 2026-04-08 18:32The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.99 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames.
{
"affected": [],
"aliases": [
"CVE-2023-6799"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-09T19:15:12Z",
"severity": "MODERATE"
},
"details": "The WP Reset \u2013 Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.99 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames.",
"id": "GHSA-jx9r-9m63-c2rc",
"modified": "2026-04-08T18:32:53Z",
"published": "2024-04-09T21:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6799"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?old_path=/wp-reset/tags/1.99\u0026old=3059287\u0026new_path=/wp-reset/tags/2.0\u0026new=3059287\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3071811%40wp-reset\u0026new=3071811%40wp-reset\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68f41e88-ed36-4361-bddd-41495a540cd9?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M3FM-FQWR-692P
Vulnerability from github – Published: 2024-06-15 06:30 – Updated: 2024-06-15 06:30The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.
{
"affected": [],
"aliases": [
"CVE-2024-5868"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-15T04:15:13Z",
"severity": "MODERATE"
},
"details": "The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.",
"id": "GHSA-m3fm-fqwr-692p",
"modified": "2024-06-15T06:30:25Z",
"published": "2024-06-15T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5868"
},
{
"type": "WEB",
"url": "https://codecanyon.net/item/social-login-wordpress-woocommerce-plugin/8495883"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97fbbf5b-d3c7-47ce-b251-ce1fe38af152?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M3MQ-F375-5VGH
Vulnerability from github – Published: 2025-06-12 23:02 – Updated: 2026-06-08 19:52Impact
The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent
Patches
No
Workarounds
You may define JWT secret key in the server configuration file
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vantage6-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.11.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-43866"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-12T23:02:13Z",
"nvd_published_at": "2025-06-12T18:15:20Z",
"severity": "LOW"
},
"details": "### Impact\nThe JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is [predictable to some extent](https://docs.python.org/3/library/uuid.html#uuid.uuid1)\n\n### Patches\nNo\n\n### Workarounds\nYou may define JWT secret key in the server configuration file",
"id": "GHSA-m3mq-f375-5vgh",
"modified": "2026-06-08T19:52:08Z",
"published": "2025-06-12T23:02:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-m3mq-f375-5vgh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43866"
},
{
"type": "WEB",
"url": "https://github.com/vantage6/vantage6/commit/e39a262faf1cd4c554bf1b8e57eeea082da995c0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/vantage6-server/PYSEC-2025-221.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/vantage6/vantage6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Vantage6 Server JWT secret not cryptographically secure"
}
Mitigation
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.