Common Weakness Enumeration

CWE-338

Allowed

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Abstraction: Base · Status: Draft

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

293 vulnerabilities reference this CWE, most recent first.

GHSA-RC7V-65V6-M2V3

Vulnerability from github – Published: 2024-10-28 15:12 – Updated: 2024-11-08 17:25
VLAI
Summary
Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers
Details

Withdrawn Advisory

This advisory has been withdrawn because the vulnerability does not affect a released version of the github.com/go-mysql-org/go-mysql package. For more information, see https://github.com/github/advisory-database/pull/4990.

Original Advisory

Affected by CVE-2021-3538

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/go-mysql-org/go-mysql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-28T15:12:22Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "## Withdrawn Advisory\n\nThis advisory has been withdrawn because the vulnerability does not affect a released version of the `github.com/go-mysql-org/go-mysql` package.  For more information, see https://github.com/github/advisory-database/pull/4990.\n\n## Original Advisory\n\nAffected by CVE-2021-3538",
  "id": "GHSA-rc7v-65v6-m2v3",
  "modified": "2024-11-08T17:25:16Z",
  "published": "2024-10-28T15:12:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/apptainer/sif/security/advisories/GHSA-33m6-q9v5-62r7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/go-mysql-org/go-mysql/security/advisories/GHSA-rc7v-65v6-m2v3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hpcng/sif/security/advisories/GHSA-33m6-q9v5-62r7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/github/advisory-database/pull/4990"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/go-mysql-org/go-mysql"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Withdrawn Advisory: go-mysql affected by go.uuid\u0027s Predictable UUID Identifiers",
  "withdrawn": "2024-11-08T17:25:16Z"
}

GHSA-RG9R-F32F-755R

Vulnerability from github – Published: 2023-02-02 00:30 – Updated: 2023-02-08 21:30
VLAI
Details

An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-45782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338",
      "CWE-640"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-01T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.",
  "id": "GHSA-rg9r-f32f-755r",
  "modified": "2023-02-08T21:30:19Z",
  "published": "2023-02-02T00:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45782"
    },
    {
      "type": "WEB",
      "url": "https://www.dotcms.com/security/SI-66"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RGH6-HJMR-J5FV

Vulnerability from github – Published: 2021-12-26 00:00 – Updated: 2022-01-11 00:02
VLAI
Details

In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-25T02:15:00Z",
    "severity": "HIGH"
  },
  "details": "In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.",
  "id": "GHSA-rgh6-hjmr-j5fv",
  "modified": "2022-01-11T00:02:10Z",
  "published": "2021-12-26T00:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45489"
    },
    {
      "type": "WEB",
      "url": "https://arxiv.org/pdf/2112.09604.pdf"
    },
    {
      "type": "WEB",
      "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2021-001.txt.asc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RGQQ-JVQ6-W93R

Vulnerability from github – Published: 2024-09-26 18:31 – Updated: 2024-09-26 18:31
VLAI
Details

The goTenna Pro ATAK Plugin does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45723"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-26T18:15:07Z",
    "severity": "HIGH"
  },
  "details": "The goTenna Pro ATAK Plugin does not use SecureRandom when generating \nits cryptographic keys. The random function in use is not suitable for \ncryptographic use.",
  "id": "GHSA-rgqq-jvq6-w93r",
  "modified": "2024-09-26T18:31:45Z",
  "published": "2024-09-26T18:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45723"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RJQ9-C3RF-C638

Vulnerability from github – Published: 2026-04-01 21:30 – Updated: 2026-04-01 21:30
VLAI
Details

An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-34871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-01T19:16:33Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).",
  "id": "GHSA-rjq9-c3rf-c638",
  "modified": "2026-04-01T21:30:30Z",
  "published": "2026-04-01T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34871"
    },
    {
      "type": "WEB",
      "url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-dev-random"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RMW5-XPG9-JR29

Vulnerability from github – Published: 2021-06-10 17:23 – Updated: 2022-04-27 20:30
VLAI
Summary
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone
Details

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rclone/rclone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.53.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-28924"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331",
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-09T14:47:19Z",
    "nvd_published_at": "2020-11-19T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.",
  "id": "GHSA-rmw5-xpg9-jr29",
  "modified": "2022-04-27T20:30:31Z",
  "published": "2021-06-10T17:23:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28924"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rclone/rclone/issues/4783"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rclone/rclone"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-14"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone"
}

GHSA-RQ65-66G5-5PG2

Vulnerability from github – Published: 2026-06-23 09:32 – Updated: 2026-06-23 15:32
VLAI
Details

Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter.

When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function.

A predictable state allows an attacker to hijack another user's session through cross site request forgery (CSRF).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9733"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-23T08:16:26Z",
    "severity": "CRITICAL"
  },
  "details": "Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter.\n\nWhen no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl\u0027s built-in rand function.\n\nA predictable state allows an attacker to hijack another user\u0027s session through cross site request forgery (CSRF).",
  "id": "GHSA-rq65-66g5-5pg2",
  "modified": "2026-06-23T15:32:35Z",
  "published": "2026-06-23T09:32:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9733"
    },
    {
      "type": "WEB",
      "url": "https://datatracker.ietf.org/doc/html/rfc6749#section-10.12"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/HAYAJO/Mojolicious-Plugin-Web-Auth-0.17/source/lib/Mojolicious/Plugin/Web/Auth/OAuth2.pm#L129-131"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/patches/M/Mojolicious-Plugin-Web-Auth/0.17/CVE-2026-9733-r2.patch"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/23/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RXR3-QRG9-4XG5

Vulnerability from github – Published: 2025-04-10 12:31 – Updated: 2025-04-10 15:31
VLAI
Details

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32755"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-10T12:15:16Z",
    "severity": "CRITICAL"
  },
  "details": "In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.",
  "id": "GHSA-rxr3-qrg9-4xg5",
  "modified": "2025-04-10T15:31:48Z",
  "published": "2025-04-10T12:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32755"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2025-04-10/#SECURITY-3565"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VJFH-J2FF-QXW8

Vulnerability from github – Published: 2022-10-14 12:00 – Updated: 2025-05-16 15:30
VLAI
Details

D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42159"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-335",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-13T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.",
  "id": "GHSA-vjfh-j2ff-qxw8",
  "modified": "2025-05-16T15:30:30Z",
  "published": "2022-10-14T12:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42159"
    },
    {
      "type": "WEB",
      "url": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com/en/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRGH-5W3C-GGF8

Vulnerability from github – Published: 2021-12-03 20:38 – Updated: 2021-12-03 15:18
VLAI
Summary
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Details

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "showdoc/showdoc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.9.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-12-02T21:16:12Z",
    "nvd_published_at": "2021-12-01T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).",
  "id": "GHSA-vrgh-5w3c-ggf8",
  "modified": "2021-12-03T15:18:33Z",
  "published": "2021-12-03T20:38:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3990"
    },
    {
      "type": "WEB",
      "url": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/star7th/showdoc"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
}

Mitigation
Implementation

Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

No CAPEC attack patterns related to this CWE.