Common Weakness Enumeration

CWE-338

Allowed

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Abstraction: Base · Status: Draft

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

299 vulnerabilities reference this CWE, most recent first.

GHSA-J37G-G7HG-VHG6

Vulnerability from github – Published: 2026-07-01 06:31 – Updated: 2026-07-09 06:31
VLAI
Details

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes() function seeds libc rand() with time(0) + getpid() + rand() and generates a 16-byte challenge. The combined seed space is approximately 31 bits (libc rand() internal state) and is entirely determined by publicly-observable values (wall-clock time and process ID). An attacker who can observe the authentication exchange can enumerate the seed space and predict the challenge within seconds, enabling forgery or offline brute-forcing of responses. Note: on Windows, the active code path may use vncEncryptBytes2.cpp which calls CryptGenRandom; reachability on shipped Windows binaries requires compile-graph verification and is under investigation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-44040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-01T05:16:20Z",
    "severity": "MODERATE"
  },
  "details": "UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes() function seeds libc rand() with time(0) + getpid() + rand() and generates a 16-byte challenge. The combined seed space is approximately 31 bits (libc rand() internal state) and is entirely determined by publicly-observable values (wall-clock time and process ID). An attacker who can observe the authentication exchange can enumerate the seed space and predict the challenge within seconds, enabling forgery or offline brute-forcing of responses. Note: on Windows, the active code path may use vncEncryptBytes2.cpp which calls CryptGenRandom; reachability on shipped Windows binaries requires compile-graph verification and is under investigation.",
  "id": "GHSA-j37g-g7hg-vhg6",
  "modified": "2026-07-09T06:31:59Z",
  "published": "2026-07-01T06:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44040"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ultravnc/UltraVNC"
    },
    {
      "type": "WEB",
      "url": "https://uvnc.com"
    },
    {
      "type": "WEB",
      "url": "https://www.securin.io/zero-days/cve-2026-44040-libc-rand-weak-rng-vnc-auth-challenge-ultravnc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3RH-8VWQ-WH84

Vulnerability from github – Published: 2020-06-26 16:48 – Updated: 2023-01-20 18:53
VLAI
Summary
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Details

JHipster Kotlin is using an insecure source of randomness to generate all of its random values. JHipster Kotlin relies upon apache commons lang3 RandomStringUtils.

From the documentation:

Caveat: Instances of Random, upon which the implementation of this class relies, are not cryptographically secure. - https://commons.apache.org/proper/commons-lang/javadocs/api-3.9/org/apache/commons/lang3/RandomStringUtils.html

Here are the examples of JHipster Kotlin's use of an insecure PRNG:

https://github.com/jhipster/jhipster-kotlin/blob/193ae8f13c0be686f9687e78bacfedb144c47d8c/generators/server/templates/src/main/kotlin/package/service/util/RandomUtil.kt.ejs#L32

Proof Of Concepts Already Exist

There has been a POC of taking one RNG value generated RandomStringUtils and reversing it to generate all of the past/future RNG values public since March 3rd, 2018.

https://medium.com/@alex91ar/the-java-soothsayer-a-practical-application-for-insecure-randomness-c67b0cd148cd

POC Repository: https://github.com/alex91ar/randomstringutils

Potential Impact Technical

All that is required is to get one password reset token from a JHipster Kotlin generated service and using the POC above, you can reverse what all future password reset tokens to be generated by this server. This allows an attacker to pick and choose what account they would like to takeover by sending account password reset requests for targeted accounts.

Potential Impact Scale

Not as large as for the original jhipster project as the kotlin blueprint is not that widely used.

Patches

Update your generated applications to > 1.2.0

Workarounds

Change the content of RandomUtil.kt like this:

import java.security.SecureRandom
import org.apache.commons.lang3.RandomStringUtils

private const val DEF_COUNT = 20

object RandomUtil {
    private val secureRandom: SecureRandom = SecureRandom()

    init {
        secureRandom.nextBytes(byteArrayOf(64.toByte()))
    }

    private fun generateRandomAlphanumericString(): String {
        return RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, secureRandom)
    }

    /**
    * Generate a password.
    *
    * @return the generated password.
    */
    fun generatePassword(): String = generateRandomAlphanumericString()
}

Important is to exchange every call of RandomStringUtils.randomAlphaNumeric.

For more information

If you have any questions or comments about this advisory: * Open an issue in JHipster Kotlin

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "generator-jhipster-kotlin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-16303"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-26T16:47:54Z",
    "nvd_published_at": "2019-09-14T00:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "JHipster Kotlin is using an insecure source of randomness to generate all of its random values. JHipster Kotlin relies upon apache commons lang3 `RandomStringUtils`.\n\nFrom the documentation:\n\n\u003e Caveat: Instances of Random, upon which the implementation of this class relies, are not cryptographically secure.\n\u003e \\- https://commons.apache.org/proper/commons-lang/javadocs/api-3.9/org/apache/commons/lang3/RandomStringUtils.html\n\nHere are the examples of JHipster Kotlin\u0027s use of an insecure PRNG:\n\nhttps://github.com/jhipster/jhipster-kotlin/blob/193ae8f13c0be686f9687e78bacfedb144c47d8c/generators/server/templates/src/main/kotlin/package/service/util/RandomUtil.kt.ejs#L32\n\n## Proof Of Concepts Already Exist\n\nThere has been a POC of taking one RNG value generated `RandomStringUtils` and reversing it to generate all of the past/future RNG values public since March 3rd, 2018.\n\nhttps://medium.com/@alex91ar/the-java-soothsayer-a-practical-application-for-insecure-randomness-c67b0cd148cd\n\nPOC Repository: https://github.com/alex91ar/randomstringutils\n\n\n## Potential Impact Technical\n\nAll that is required is to get one password reset token from a JHipster Kotlin generated service and using the POC above, you can reverse what all future password reset tokens to be generated by this server. This allows an attacker to pick and choose what account they would like to takeover by sending account password reset requests for targeted accounts.\n\n## Potential Impact Scale\n\nNot as large as for the original jhipster project as the kotlin blueprint is not that widely used.\n\n### Patches\n\nUpdate your generated applications to \u003e 1.2.0\n\n### Workarounds\n\nChange the content of `RandomUtil.kt` like this:\n\n```kotlin\nimport java.security.SecureRandom\nimport org.apache.commons.lang3.RandomStringUtils\n\nprivate const val DEF_COUNT = 20\n\nobject RandomUtil {\n    private val secureRandom: SecureRandom = SecureRandom()\n\n    init {\n        secureRandom.nextBytes(byteArrayOf(64.toByte()))\n    }\n\n    private fun generateRandomAlphanumericString(): String {\n        return RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, secureRandom)\n    }\n\n    /**\n    * Generate a password.\n    *\n    * @return the generated password.\n    */\n    fun generatePassword(): String = generateRandomAlphanumericString()\n}\n```\n\nImportant is to exchange **every** call of `RandomStringUtils.randomAlphaNumeric`.\n\n\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [JHipster Kotlin](https://github.com/jhipster/jhipster-kotlin)",
  "id": "GHSA-j3rh-8vwq-wh84",
  "modified": "2023-01-20T18:53:25Z",
  "published": "2020-06-26T16:48:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mwp6-j9wf-968c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16303"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/generator-jhipster/issues/10401"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/jhipster-kotlin/issues/183"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/generator-jhipster/commit/88448b85fd3e8e49df103f0061359037c2c68ea7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/jhipster-kotlin/commit/deec3587ef7721cf5de5b960d43e9b68beff6193"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jhipster/generator-jhipster"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6d243e7e3f25daeb242dacf3def411fba32a9388d3ff84918cb28ddd@%3Cissues.commons.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc3f00f5d3d2ec0e2381a3b9096d5f5b4d46ec1587ee7e251a3dbb897@%3Cissues.commons.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc87fa35a48b5d70b06af6fb81785ed82e82686eb83307aae6d250dc9@%3Cissues.commons.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-466980"
    },
    {
      "type": "WEB",
      "url": "https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1187"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1188"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0"
}

GHSA-J539-XXC6-73WF

Vulnerability from github – Published: 2026-05-08 18:31 – Updated: 2026-05-27 00:31
VLAI
Details

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.

The built-in rand function is predictable, and unsuitable for cryptography.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T18:16:34Z",
    "severity": "HIGH"
  },
  "details": "Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.\n\nThe built-in rand function is predictable, and unsuitable for cryptography.",
  "id": "GHSA-j539-xxc6-73wf",
  "modified": "2026-05-27T00:31:26Z",
  "published": "2026-05-08T18:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6659"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ronsavage/Crypt-PasswdMD5/pull/3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ronsavage/Crypt-PasswdMD5/commit/a2f821637db0296082297aa4b02254ab08f0dc5e.patch"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.42/source/lib/Crypt/PasswdMD5.pm#L35-47"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.43/changes"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/08/17"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J74M-34V4-RGQP

Vulnerability from github – Published: 2026-04-27 15:30 – Updated: 2026-04-27 15:30
VLAI
Details

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-27T15:16:20Z",
    "severity": "HIGH"
  },
  "details": "SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.",
  "id": "GHSA-j74m-34v4-rgqp",
  "modified": "2026-04-27T15:30:52Z",
  "published": "2026-04-27T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40514"
    },
    {
      "type": "WEB",
      "url": "https://www.smartertools.com/smartermail/release-notes/current"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/smartertools-smartermail-build-9610-cryptographic-weakness-via-weak-rng"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-J85Q-WHC9-G4P9

Vulnerability from github – Published: 2021-09-02 17:07 – Updated: 2021-08-16 23:13
VLAI
Summary
Use of Cryptographically Weak Pseudo-Random Number Generator in showdoc
Details

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "showdoc/showdoc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.9.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-3678"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-16T23:13:12Z",
    "nvd_published_at": "2021-08-04T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
  "id": "GHSA-j85q-whc9-g4p9",
  "modified": "2021-08-16T23:13:12Z",
  "published": "2021-09-02T17:07:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3678"
    },
    {
      "type": "WEB",
      "url": "https://github.com/star7th/showdoc/commit/4b962c1740311e0d46775023b6acba39ad60e370"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/f9a9defd-29ea-4442-b692-ff1512813de4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use of Cryptographically Weak Pseudo-Random Number Generator in showdoc"
}

GHSA-JGH6-FQF6-CPJ8

Vulnerability from github – Published: 2025-07-19 00:32 – Updated: 2025-12-03 15:30
VLAI
Details

In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7394"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-18T23:15:23Z",
    "severity": "HIGH"
  },
  "details": "In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report.",
  "id": "GHSA-jgh6-fqf6-cpj8",
  "modified": "2025-12-03T15:30:27Z",
  "published": "2025-07-19T00:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7394"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JGPX-VX43-89FF

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2022-05-24 19:10
VLAI
Details

A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3047"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-11T17:15:00Z",
    "severity": "LOW"
  },
  "details": "A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator\u0027s session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted.",
  "id": "GHSA-jgpx-vx43-89ff",
  "modified": "2022-05-24T19:10:41Z",
  "published": "2022-05-24T19:10:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3047"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2021-3047"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-JJ4X-QM7Q-JMM9

Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2022-05-24 17:17
VLAI
Details

Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-08T20:15:00Z",
    "severity": "LOW"
  },
  "details": "Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).",
  "id": "GHSA-jj4x-qm7q-jmm9",
  "modified": "2022-05-24T17:17:31Z",
  "published": "2022-05-24T17:17:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6616"
    },
    {
      "type": "WEB",
      "url": "https://github.com/seemoo-lab/internalblue/blob/master/doc/rng.md"
    },
    {
      "type": "WEB",
      "url": "https://media.ccc.de/v/DiVOC-6-finding_eastereggs_in_broadcom_s_bluetooth_random_number_generator"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211168"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211100"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211168"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/naehrdine/status/1255980443368919045"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/naehrdine/status/1255981245147877377"
    },
    {
      "type": "WEB",
      "url": "http://bluetooth.lol"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/May/49"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JQXQ-7F92-M7WW

Vulnerability from github – Published: 2025-03-11 00:31 – Updated: 2025-03-11 03:30
VLAI
Details

Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions.

Crypt::Random::rand 1.05 through 1.55 uses the rand() function. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider.

In particular, Windows versions of perl will encounter this issue by default.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-11T00:15:11Z",
    "severity": "HIGH"
  },
  "details": "Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions.\n\nCrypt::Random::rand 1.05 through 1.55 uses the rand() function.  If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider.\n\nIn particular, Windows versions of perl will encounter this issue by default.",
  "id": "GHSA-jqxq-7f92-m7ww",
  "modified": "2025-03-11T03:30:49Z",
  "published": "2025-03-11T00:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1828"
    },
    {
      "type": "WEB",
      "url": "https://github.com/perl-Crypt-OpenPGP/Crypt-Random/pull/1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/perl-Crypt-OpenPGP/Crypt-Random/commit/1f8b29e9e89d8d083fd025152e76ec918136cc05"
    },
    {
      "type": "WEB",
      "url": "https://perldoc.perl.org/functions/rand"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JW9C-3JFH-2QQ2

Vulnerability from github – Published: 2024-05-06 03:30 – Updated: 2024-07-03 18:38
VLAI
Details

Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34538"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-06T03:15:10Z",
    "severity": "HIGH"
  },
  "details": "Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.",
  "id": "GHSA-jw9c-3jfh-2qq2",
  "modified": "2024-07-03T18:38:59Z",
  "published": "2024-05-06T03:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34538"
    },
    {
      "type": "WEB",
      "url": "https://hansesecure.de/2023/02/schwachstelle-in-passwordsafe-mateso"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

No CAPEC attack patterns related to this CWE.