Base · Draft

CWE-334: Small Space of Random Values

Category: other

Description

The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.

Common consequences · 1

  • Access Control / Other — Bypass Protection Mechanism, Other
    An attacker could easily guess the values used. This could lead to unauthorized access to a system if the seed is used for authentication and authorization.
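
The description and consequence above can be checked numerically. The following is an added example, not part of the CWE entry: it measures the size of a value space in bits and the chance that a bounded number of guesses hits a valid value, comparing a 4-digit code with a 128-bit token. The function names, the `MIN_BITS` floor and the guessing scenario are assumptions made for the example.

```python
import math
import secrets
from fractions import Fraction

MIN_BITS = 128  # assumed policy floor for this example; not a figure from the CWE entry


def space_bits(alphabet_size: int, length: int) -> float:
    """Size of the value space in bits: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def guess_success_probability(space: int, attempts: int, live_values: int = 1) -> float:
    """Chance that `attempts` distinct guesses hit at least one of `live_values`
    valid values spread uniformly over `space` possibilities."""
    attempts = min(attempts, space)
    miss = Fraction(math.comb(space - live_values, attempts), math.comb(space, attempts))
    return float(1 - miss)


def weak_reset_code() -> str:
    """CSPRNG output, but only 10**4 possible values: good source, small space."""
    return f"{secrets.randbelow(10_000):04d}"


def strong_reset_token() -> str:
    """16 bytes from the OS CSPRNG, i.e. 2**128 possible values."""
    return secrets.token_urlsafe(16)


def audit(alphabet_size: int, length: int, attempts: int, live_values: int = 1) -> dict:
    """Summarise a value scheme against MIN_BITS and a guessing budget."""
    bits = space_bits(alphabet_size, length)
    return {
        "bits": bits,
        "meets_floor": bits >= MIN_BITS,
        "p_guess": guess_success_probability(alphabet_size ** length, attempts, live_values),
    }


if __name__ == "__main__":
    # Constructed scenario: 1,000 guesses allowed, 50 values outstanding at once.
    print("4-digit code :", weak_reset_code(), audit(10, 4, 1_000, 50))
    print("128-bit token:", strong_reset_token(), audit(256, 16, 1_000, 50))
```

Both generators draw from the same cryptographically strong source; only the size of the space differs, which is the distinction this weakness draws.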

Potential mitigations · 1

  • [Architecture and Design, Requirements] Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

References

  1. https://cwe.mitre.org/data/definitions/334.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Use of Insufficiently Random Values
  • CWE: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  • CWE: Predictable Value Range from Previous Values
  • CWE: Inadequate Encryption Strength
  • CWE: Insufficient Entropy
  • CWE: Generation of Predictable Numbers or Identifiers

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.