Base · Draft

CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Category: other

Description

The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

Common consequences

  • Access Control / Other — Bypass Protection Mechanism, Other
    If a PRNG is used incorrectly, such as using the same seed for each initialization or using a predictable seed, then an attacker may be able to easily guess the seed and thus the random numbers. This could lead to unauthorized access to a system if the seed is used for authentication and authorization.
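
The two seed mistakes named above (a reused seed and a predictable seed), shown next to a hardened form. This is an added Python example, not part of the CWE entry; the function names, the time-based seed and the sample timestamp are constructed assumptions.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def weak_token(seed, length=16):
    """Weak pattern: a token drawn from a PRNG whose seed is guessable."""
    rng = random.Random(seed)  # same seed always yields the same sequence
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_token(length=16):
    """Hardened form: OS CSPRNG via secrets, no application-managed seed."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def seed_in_window(token, start, end, length=16):
    """Audit check: is the token reproducible from an integer seed in
    [start, end)? Returns the matching seed, or None."""
    for candidate in range(start, end):
        if weak_token(candidate, length) == token:
            return candidate
    return None


# Constructed sample: a token seeded with the Unix time at which it was issued.
ISSUED_AT = 1_700_000_000
SAMPLE = weak_token(ISSUED_AT)

if __name__ == "__main__":
    # Reused seed: every initialization produces the identical token.
    print("same seed, same token:", weak_token(ISSUED_AT) == SAMPLE)
    # Predictable seed: knowing the issue time to within five minutes
    # leaves only 600 candidates to check.
    window = (ISSUED_AT - 300, ISSUED_AT + 300)
    print("seed found in window:", seed_in_window(SAMPLE, *window))
    # The CSPRNG-backed token is not reproducible from any seed in the window.
    print("strong token seed:", seed_in_window(strong_token(), *window))
```
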

References

  1. https://cwe.mitre.org/data/definitions/335.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  • CWE: Use of Insufficiently Random Values
  • CWE: Use of a Broken or Risky Cryptographic Algorithm
  • CWE: Use of a Cryptographic Primitive with a Risky Implementation
  • CWE: Generation of Weak Initialization Vector (IV)
  • CWE: Reliance on Insufficiently Trustworthy Component

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.