CWE-330
DiscouragedUse of Insufficiently Random Values
Abstraction: Class · Status: Stable
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
445 vulnerabilities reference this CWE, most recent first.
GHSA-PQ4W-QM9G-QX68
Vulnerability from github – Published: 2020-03-16 22:46 – Updated: 2021-07-28 18:54Impact
Credential replay affecting those connected to a server when all 3 of the following conditions are met:
- SecurityPolicy is None
- using username/password or X509-based authentication
- the server has a defect causing it to send null/empty or zeroed nonces
Patches
The problem has been patched in version 0.3.6. A more relaxed treatment of validation as agreed upon by the OPC UA Security Working Group is implemented in version 0.3.7.
Workarounds
Do not use username/password or X509-based authentication with SecurityPolicy of None.
References
https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf
For more information
If you have any questions or comments about this advisory: * Open an issue at https://github.com/eclipse/milo/issues * Email the mailing list
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.3.4"
},
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.milo:sdk-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-19135"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-522"
],
"github_reviewed": true,
"github_reviewed_at": "2020-03-16T20:59:53Z",
"nvd_published_at": "2020-03-16T16:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nCredential replay affecting those connected to a server when *all 3* of the following conditions are met:\n- `SecurityPolicy` is `None`\n- using username/password or X509-based authentication\n- the server has a defect causing it to send null/empty or zeroed nonces \n\n### Patches\nThe problem has been patched in version `0.3.6`. A more relaxed treatment of validation as agreed upon by the OPC UA Security Working Group is implemented in version `0.3.7`.\n\n### Workarounds\nDo not use username/password or X509-based authentication with `SecurityPolicy` of `None`.\n\n### References\nhttps://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue at [https://github.com/eclipse/milo/issues](https://github.com/eclipse/milo/issues)\n* Email [the mailing list](mailto:milo-dev@eclipse.org)",
"id": "GHSA-pq4w-qm9g-qx68",
"modified": "2021-07-28T18:54:53Z",
"published": "2020-03-16T22:46:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/eclipse/milo/security/advisories/GHSA-pq4w-qm9g-qx68"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19135"
},
{
"type": "WEB",
"url": "https://github.com/eclipse/milo/commit/cac0e710bf2b8bed9c602fc597e9de1d8903abed"
},
{
"type": "WEB",
"url": "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf"
},
{
"type": "WEB",
"url": "https://opcfoundation.org/security-bulletins"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Insufficient Nonce Validation in Eclipse Milo Client"
}
GHSA-PQC9-6W7J-MP2F
Vulnerability from github – Published: 2026-03-25 15:31 – Updated: 2026-03-25 15:31An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme.
{
"affected": [],
"aliases": [
"CVE-2024-51346"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T14:16:28Z",
"severity": "HIGH"
},
"details": "An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme.",
"id": "GHSA-pqc9-6w7j-mp2f",
"modified": "2026-03-25T15:31:28Z",
"published": "2026-03-25T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51346"
},
{
"type": "WEB",
"url": "https://github.com/victorGoeman/Eufy-Ecosystem-Security-Research/blob/main/CVE-2024-51346.md"
},
{
"type": "WEB",
"url": "https://github.com/victorGoeman/Eufy-Ecosystem-Security-Research/blob/main/README.md"
},
{
"type": "WEB",
"url": "https://www.eufy.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PQRX-8F89-682J
Vulnerability from github – Published: 2022-07-08 00:00 – Updated: 2022-07-15 00:00The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
{
"affected": [],
"aliases": [
"CVE-2022-25047"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-07T12:15:00Z",
"severity": "MODERATE"
},
"details": "The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.",
"id": "GHSA-pqrx-8f89-682j",
"modified": "2022-07-15T00:00:17Z",
"published": "2022-07-08T00:00:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25047"
},
{
"type": "WEB",
"url": "https://github.com/Immersive-Labs-Sec/CentOS-WebPanel"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PR9H-XJRF-GJCR
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-05-24 16:46CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
{
"affected": [],
"aliases": [
"CVE-2019-6821"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-22T20:29:00Z",
"severity": "HIGH"
},
"details": "CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.",
"id": "GHSA-pr9h-xjrf-gjcr",
"modified": "2022-05-24T16:46:18Z",
"published": "2022-05-24T16:46:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6821"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-136-01"
},
{
"type": "WEB",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-03"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108366"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PVV4-8WMW-VJF3
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2024-04-04 03:13A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.
{
"affected": [],
"aliases": [
"CVE-2022-46353"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions \u003c V3.2.7), SCALANCE X204RNA (PRP) (All versions \u003c V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions \u003c V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions \u003c V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions \u003c V3.2.7). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.",
"id": "GHSA-pvv4-8wmw-vjf3",
"modified": "2024-04-04T03:13:45Z",
"published": "2022-12-13T18:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46353"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PW9J-JVFG-9PPW
Vulnerability from github – Published: 2023-10-10 18:31 – Updated: 2024-04-04 08:29In Contiki 4.5, TCP ISNs are improperly random.
{
"affected": [],
"aliases": [
"CVE-2020-27634"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-10T17:15:10Z",
"severity": "CRITICAL"
},
"details": "In Contiki 4.5, TCP ISNs are improperly random.",
"id": "GHSA-pw9j-jvfg-9ppw",
"modified": "2024-04-04T08:29:43Z",
"published": "2023-10-10T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27634"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01"
},
{
"type": "WEB",
"url": "https://www.forescout.com"
},
{
"type": "WEB",
"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PWQG-3R7W-W9HW
Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2022-05-13 01:08The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
{
"affected": [],
"aliases": [
"CVE-2019-8919"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-18T20:29:00Z",
"severity": "HIGH"
},
"details": "The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.",
"id": "GHSA-pwqg-3r7w-w9hw",
"modified": "2022-05-13T01:08:17Z",
"published": "2022-05-13T01:08:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8919"
},
{
"type": "WEB",
"url": "https://github.com/haiwen/seadroid/issues/789"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q3W8-GRP4-HC32
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-08-13 00:00Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.
{
"affected": [],
"aliases": [
"CVE-2021-34646"
],
"database_specific": {
"cwe_ids": [
"CWE-290",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-30T19:15:00Z",
"severity": "CRITICAL"
},
"details": "Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.",
"id": "GHSA-q3w8-grp4-hc32",
"modified": "2022-08-13T00:00:35Z",
"published": "2022-05-24T19:12:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34646"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2581212%40woocommerce-jetpack\u0026new=2581212%40woocommerce-jetpack\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/blog/2021/08/critical-authentication-bypass-vulnerability-patched-in-booster-for-woocommerce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q4Q3-WX65-4J6J
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2022-10-22 12:00Prima Systems FlexAir devices allow unauthenticated download of the database configuration backup due to a predictable name, resulting in authentication bypass (a login authenticated with the MD5 hash of any user found in the database).
{
"affected": [],
"aliases": [
"CVE-2019-7667"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-01T19:15:00Z",
"severity": "CRITICAL"
},
"details": "Prima Systems FlexAir devices allow unauthenticated download of the database configuration backup due to a predictable name, resulting in authentication bypass (a login authenticated with the MD5 hash of any user found in the database).",
"id": "GHSA-q4q3-wx65-4j6j",
"modified": "2022-10-22T12:00:30Z",
"published": "2022-05-24T16:49:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7667"
},
{
"type": "WEB",
"url": "https://applied-risk.com/labs/advisories"
},
{
"type": "WEB",
"url": "https://www.applied-risk.com/resources/ar-2019-007"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-Database-Backup-Predictable-Name.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q4V3-WMM6-HCRX
Vulnerability from github – Published: 2022-05-05 00:29 – Updated: 2024-10-23 15:56packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pyrad"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-0294"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-23T21:26:31Z",
"nvd_published_at": "2020-01-28T16:15:00Z",
"severity": "HIGH"
},
"details": "packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.",
"id": "GHSA-q4v3-wmm6-hcrx",
"modified": "2024-10-23T15:56:18Z",
"published": "2022-05-05T00:29:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0294"
},
{
"type": "WEB",
"url": "https://github.com/wichert/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=911682"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82133"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pyrad/PYSEC-2020-211.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/pyradius/pyrad"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200228160027/http://www.securityfocus.com/bid/57984"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/02/15/13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "pyrad is vulnerable to the use of Insufficiently Random Values"
}
Mitigation
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.