Common Weakness Enumeration

CWE-338

Allowed

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Abstraction: Base · Status: Draft

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

293 vulnerabilities reference this CWE, most recent first.

GHSA-QP5M-38PC-FMJ4

Vulnerability from github – Published: 2022-05-14 01:51 – Updated: 2022-05-14 01:51
VLAI
Details

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17877"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-23T21:30:00Z",
    "severity": "HIGH"
  },
  "details": "A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize() function to prevent a malicious contract from being called, but the attacker can bypass it by writing the core code in the constructor of their exploit code. Therefore, it allows attackers to always win and get rewards.",
  "id": "GHSA-qp5m-38pc-fmj4",
  "modified": "2022-05-14T01:51:54Z",
  "published": "2022-05-14T01:51:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17877"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17877"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QPX5-6WW4-HP56

Vulnerability from github – Published: 2024-08-13 18:31 – Updated: 2024-08-13 18:31
VLAI
Details

Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31305"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-13T17:15:20Z",
    "severity": "LOW"
  },
  "details": "Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure.",
  "id": "GHSA-qpx5-6ww4-hp56",
  "modified": "2024-08-13T18:31:15Z",
  "published": "2024-08-13T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31305"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QX3R-XM4V-RGRH

Vulnerability from github – Published: 2022-05-02 03:43 – Updated: 2024-02-15 06:31
VLAI
Details

The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-3278"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-09-21T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack.",
  "id": "GHSA-qx3r-xm4v-rgrh",
  "modified": "2024-02-15T06:31:31Z",
  "published": "2022-05-02T03:43:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3278"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/36793"
    },
    {
      "type": "WEB",
      "url": "http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/506607/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/36467"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2F4-W3VH-WPXJ

Vulnerability from github – Published: 2024-12-05 15:31 – Updated: 2024-12-05 18:31
VLAI
Details

Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53702"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-05T14:15:21Z",
    "severity": "MODERATE"
  },
  "details": "Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret.",
  "id": "GHSA-r2f4-w3vh-wpxj",
  "modified": "2024-12-05T18:31:03Z",
  "published": "2024-12-05T15:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53702"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R3M8-7H2R-2MP6

Vulnerability from github – Published: 2024-12-29 09:30 – Updated: 2024-12-31 21:30
VLAI
Details

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand() function, which is not a secure source of random bits.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-25107"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-29T07:15:05Z",
    "severity": "HIGH"
  },
  "details": "The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand() function, which is not a secure source of random bits.",
  "id": "GHSA-r3m8-7h2r-2mp6",
  "modified": "2024-12-31T21:30:45Z",
  "published": "2024-12-29T09:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25107"
    },
    {
      "type": "WEB",
      "url": "https://github.com/karenetheridge/Crypt-Random-Source/pull/3"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/ETHER/Crypt-Random-Source-0.13/changes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R49C-4Q8X-X33V

Vulnerability from github – Published: 2026-07-01 09:30 – Updated: 2026-07-01 18:31
VLAI
Details

CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources.

The generate_id method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand() function. All three are predictable, low-entropy sources: the PID is drawn from a small range, the epoch time can be guessed or read from the HTTP Date header, and Perl's rand() is unsuitable for security purposes because it is predictable and reversible.

An attacker who predicts a session id can impersonate the corresponding session and bypass authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-01T08:16:21Z",
    "severity": "MODERATE"
  },
  "details": "CGI::Session::ID::md5 versions before 4.49 for Perl generate predictable session ids from low-entropy sources.\n\nThe generate_id method builds the session id from a MD5 digest of the process id, the epoch time, and the built-in rand() function. All three are predictable, low-entropy sources: the PID is drawn from a small range, the epoch time can be guessed or read from the HTTP Date header, and Perl\u0027s rand() is unsuitable for security purposes because it is predictable and reversible.\n\nAn attacker who predicts a session id can impersonate the corresponding session and bypass authentication.",
  "id": "GHSA-r49c-4q8x-x33v",
  "modified": "2026-07-01T18:31:47Z",
  "published": "2026-07-01T09:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56016"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/MARKSTOS/CGI-Session-4.49/changes"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/MARKSTOS/CGI-Session-4.49/source/lib/CGI/Session/ID/md5.pm"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/07/01/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R6G6-6H6F-XCMJ

Vulnerability from github – Published: 2026-04-15 18:31 – Updated: 2026-04-16 15:31
VLAI
Details

Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts.

The _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply return 16 bytes generated with Perl's built-in rand function.

The rand function is unsuitable for cryptographic use.

These salts are used for password hashing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-15T08:16:16Z",
    "severity": "HIGH"
  },
  "details": "Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts.\n\nThe _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt.  If those modules are unavailable, it will simply return 16 bytes generated with Perl\u0027s built-in rand function.\n\nThe rand function is unsuitable for cryptographic use.\n\nThese salts are used for password hashing.",
  "id": "GHSA-r6g6-6h6f-xcmj",
  "modified": "2026-04-16T15:31:31Z",
  "published": "2026-04-15T18:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5088"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/pod/Crypt::URandom"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/JDEGUEST/Apache2-API-v0.5.2/view/lib/Apache2/API/Password.pod"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/JDEGUEST/Apache2-API-v0.5.3/changes"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/15/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/15/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R6MR-WMGJ-F864

Vulnerability from github – Published: 2026-03-31 18:31 – Updated: 2026-04-01 18:36
VLAI
Details

PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely.

PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on systems without the device, such as Windows), then it will emit a warning that recommends the user install Crypt::URandom, and then return a string of random bytes generated by the built-in rand function, which is unsuitable for cryptographic applications.

This modules does not use the Crypt::URandom module, and installing it will not fix the problem.

The random bytes are used for generating an initialisation vector (IV) to encrypt the cookie.

A predictable IV may make it easier for malicious users to decrypt and tamper with the session data that is stored in the cookie.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5087"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-31T16:16:35Z",
    "severity": "HIGH"
  },
  "details": "PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely.\n\nPAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on systems without the device, such as Windows), then it will emit a warning that recommends the user install Crypt::URandom, and then return a string of random bytes generated by the built-in rand function, which is unsuitable for cryptographic applications.\n\nThis modules does not use the Crypt::URandom module, and installing it will not fix the problem.\n\nThe random bytes are used for generating an initialisation vector (IV) to encrypt the cookie.\n\nA predictable IV may make it easier for malicious users to decrypt and tamper with the session data that is stored in the cookie.",
  "id": "GHSA-r6mr-wmgj-f864",
  "modified": "2026-04-01T18:36:34Z",
  "published": "2026-03-31T18:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5087"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/JJNAPIORK/PAGI-Middleware-Session-Store-Cookie-0.001003/source/lib/PAGI/Middleware/Session/Store/Cookie.pm#L156-173"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/JJNAPIORK/PAGI-Middleware-Session-Store-Cookie-0.001004/changes"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/31/10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R79P-JP6R-P5PM

Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49
VLAI
Details

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-20T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.",
  "id": "GHSA-r79p-jp6r-p5pm",
  "modified": "2022-05-13T01:49:11Z",
  "published": "2022-05-13T01:49:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11290"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins"
    },
    {
      "type": "WEB",
      "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000051618"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC75-CF5C-MXVH

Vulnerability from github – Published: 2019-11-06 17:06 – Updated: 2021-08-18 22:08
VLAI
Summary
Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml
Details

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.pac4j:pac4j-saml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.8.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-11-05T19:56:04Z",
    "nvd_published_at": "2019-09-23T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG\u0027s algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.",
  "id": "GHSA-rc75-cf5c-mxvh",
  "modified": "2021-08-18T22:08:17Z",
  "published": "2019-11-06T17:06:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10755"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pac4j/pac4j/commit/34d5b1028a2db201ee81ec51b52a782fe073f609"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGPAC4J-467407"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml"
}

Mitigation
Implementation

Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

No CAPEC attack patterns related to this CWE.