CWE-330
DiscouragedUse of Insufficiently Random Values
Abstraction: Class · Status: Stable
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
444 vulnerabilities reference this CWE, most recent first.
GHSA-VP5Q-Q34G-8MCP
Vulnerability from github – Published: 2022-06-24 00:00 – Updated: 2022-07-07 00:00totd before 1.5.3 does not properly randomize mesg IDs.
{
"affected": [],
"aliases": [
"CVE-2022-34295"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-23T17:15:00Z",
"severity": "MODERATE"
},
"details": "totd before 1.5.3 does not properly randomize mesg IDs.",
"id": "GHSA-vp5q-q34g-8mcp",
"modified": "2022-07-07T00:00:24Z",
"published": "2022-06-24T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34295"
},
{
"type": "WEB",
"url": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399"
},
{
"type": "WEB",
"url": "https://github.com/fwdillema/totd/releases/tag/1.5.3"
},
{
"type": "WEB",
"url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
},
{
"type": "WEB",
"url": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VP74-83J6-MV6X
Vulnerability from github – Published: 2022-05-17 05:07 – Updated: 2026-06-02 21:30dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2013-4734"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-06-30T19:28:00Z",
"severity": "HIGH"
},
"details": "dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors.",
"id": "GHSA-vp74-83j6-mv6x",
"modified": "2026-06-02T21:30:24Z",
"published": "2022-05-17T05:07:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4734"
},
{
"type": "WEB",
"url": "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/662676"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/AAMN-98MU7H"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/AAMN-98MUK2"
},
{
"type": "WEB",
"url": "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VQF7-7684-3MJQ
Vulnerability from github – Published: 2023-11-30 18:31 – Updated: 2023-11-30 18:31Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents.
{
"affected": [],
"aliases": [
"CVE-2023-6376"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-30T18:15:09Z",
"severity": "MODERATE"
},
"details": "Henschen \u0026 Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents.\n\n\n",
"id": "GHSA-vqf7-7684-3mjq",
"modified": "2023-11-30T18:31:19Z",
"published": "2023-11-30T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6376"
},
{
"type": "WEB",
"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-Henschen%26Associates.md"
},
{
"type": "WEB",
"url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
},
{
"type": "WEB",
"url": "https://www.henschen.com/government"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VV74-P9WH-MPF3
Vulnerability from github – Published: 2023-09-02 15:30 – Updated: 2024-04-04 07:22There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.
{
"affected": [],
"aliases": [
"CVE-2023-39979"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-334"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-02T13:15:44Z",
"severity": "CRITICAL"
},
"details": "There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.\u00a0\u00a0\n\n",
"id": "GHSA-vv74-p9wh-mpf3",
"modified": "2024-04-04T07:22:18Z",
"published": "2023-09-02T15:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39979"
},
{
"type": "WEB",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVH5-6Q9P-XQXH
Vulnerability from github – Published: 2022-05-17 00:01 – Updated: 2022-05-26 00:01Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers.
{
"affected": [],
"aliases": [
"CVE-2022-30782"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-16T06:15:00Z",
"severity": "HIGH"
},
"details": "Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers.",
"id": "GHSA-vvh5-6q9p-xqxh",
"modified": "2022-05-26T00:01:35Z",
"published": "2022-05-17T00:01:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30782"
},
{
"type": "WEB",
"url": "https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random"
},
{
"type": "WEB",
"url": "https://github.com/openmoney/openmoney-api/blob/1b836e5826dfd59145223a8a48e6c45ddb325762/api/helpers/util.helper.js#L6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W3HJ-WR2Q-X83G
Vulnerability from github – Published: 2021-04-06 17:22 – Updated: 2025-12-02 01:28Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node private key is not compromised, only the session key generated to communicate with an individual peer.
From discovery spec:
The number of messages which can be encrypted with a certain session key is limited because encryption of each message requires a unique nonce for AES-GCM. In addition to the keys, the session cache must also keep track of the count of outgoing messages to ensure the uniqueness of nonce values. Since the wire protocol uses 96 bit AES-GCM nonces, it is strongly recommended to generate them by encoding the current outgoing message count into the first 32 bits of the nonce and filling the remaining 64 bits with random data generated by a cryptographically secure random number generator.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "tech.pegasys.discovery:discovery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-23688"
],
"database_specific": {
"cwe_ids": [
"CWE-323",
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-30T17:04:34Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node private key is not compromised, only the session key generated to communicate with an individual peer.\n\nFrom [discovery spec](https://github.com/ethereum/devp2p/blob/f97b8a5b8e9589d3355ebbd9d4a58d5d1644bdf7/discv5/discv5-theory.md#session-cache):\n\u003e The number of messages which can be encrypted with a certain session key is limited because encryption of each message requires a unique nonce for AES-GCM. In addition to the keys, the session cache must also keep track of the count of outgoing messages to ensure the uniqueness of nonce values. Since the wire protocol uses 96 bit AES-GCM nonces, it is strongly recommended to generate them by encoding the current outgoing message count into the first 32 bits of the nonce and filling the remaining 64 bits with random data generated by a cryptographically secure random number generator.",
"id": "GHSA-w3hj-wr2q-x83g",
"modified": "2025-12-02T01:28:16Z",
"published": "2021-04-06T17:22:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23688"
},
{
"type": "PACKAGE",
"url": "https://github.com/ConsenSys/discovery"
},
{
"type": "WEB",
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Discovery uses the same AES/GCM Nonce throughout the session"
}
GHSA-W5C5-F46C-8J6X
Vulnerability from github – Published: 2023-01-13 00:30 – Updated: 2025-04-08 15:30Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.
{
"affected": [],
"aliases": [
"CVE-2017-5242"
],
"database_specific": {
"cwe_ids": [
"CWE-321",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-12T22:15:00Z",
"severity": "HIGH"
},
"details": "Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.",
"id": "GHSA-w5c5-f46c-8j6x",
"modified": "2025-04-08T15:30:38Z",
"published": "2023-01-13T00:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5242"
},
{
"type": "WEB",
"url": "https://www.rapid7.com/blog/post/2017/05/17/rapid7-nexpose-virtual-appliance-duplicate-ssh-host-key-cve-2017-5242"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W7J2-35MF-95P7
Vulnerability from github – Published: 2021-08-25 20:52 – Updated: 2022-07-13 20:03An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. The vulnerability was introduced in v0.6.0. The advisory doesn't apply to earlier minor version numbers.
Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rand_core"
},
"ranges": [
{
"events": [
{
"introduced": "0.6.0"
},
{
"fixed": "0.6.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-27378"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T17:35:01Z",
"nvd_published_at": "2021-02-18T04:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because `read_u32_into` and `read_u64_into` mishandle certain buffer-length checks, a random number generator may be seeded with too little data. The vulnerability was introduced in v0.6.0. The advisory doesn\u0027t apply to earlier minor version numbers.\n\nBecause read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.",
"id": "GHSA-w7j2-35mf-95p7",
"modified": "2022-07-13T20:03:17Z",
"published": "2021-08-25T20:52:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27378"
},
{
"type": "WEB",
"url": "https://github.com/rust-random/rand/pull/1096"
},
{
"type": "PACKAGE",
"url": "https://github.com/rust-random/rand"
},
{
"type": "WEB",
"url": "https://github.com/rust-random/rand/compare/0.6.0...rand_core-0.6.2#diff-f41b3dfa5ce28f3bee390d327c50621e141cf3569921f8e9ca15ccfcf25263a9R19"
},
{
"type": "WEB",
"url": "https://github.com/rust-random/rand/compare/0.6.0...rand_core-0.6.2#diff-f41b3dfa5ce28f3bee390d327c50621e141cf3569921f8e9ca15ccfcf25263a9R28"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0023.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Incorrect check on buffer length in rand_core"
}
GHSA-W86Q-6FXQ-GCMR
Vulnerability from github – Published: 2024-01-02 03:30 – Updated: 2024-01-05 12:30In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.
{
"affected": [],
"aliases": [
"CVE-2023-32831"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-02T03:15:07Z",
"severity": "MODERATE"
},
"details": "In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.",
"id": "GHSA-w86q-6fxq-gcmr",
"modified": "2024-01-05T12:30:19Z",
"published": "2024-01-02T03:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32831"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/January-2024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W9VX-9MGG-M33X
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.
{
"affected": [],
"aliases": [
"CVE-2020-27264"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-19T21:15:00Z",
"severity": "HIGH"
},
"details": "In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.",
"id": "GHSA-w9vx-9mgg-m33x",
"modified": "2022-05-24T17:39:27Z",
"published": "2022-05-24T17:39:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27264"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.