BaseDraft
CWE-338Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Category: other
Description
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
Common consequences· 1
- Access Control — Bypass Protection MechanismIf a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality.
Potential mitigations· 1
- [Implementation]Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.
References
Compliance frameworks addressing this (incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | owasp_top10-a02 | 100% | live |
(incoming)26
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-15578cve-2025-15578 | 0% | live |
| Vulnerability | CVE-2025-15604cve-2025-15604 | 0% | live |
| Vulnerability | CVE-2025-15618cve-2025-15618 | 0% | live |
| Vulnerability | CVE-2025-1796cve-2025-1796 | 0% | live |
| Vulnerability | CVE-2025-1828cve-2025-1828 | 0% | live |
| Vulnerability | CVE-2025-32754cve-2025-32754 | 0% | live |
| Vulnerability | CVE-2025-32755cve-2025-32755 | 0% | live |
| Vulnerability | CVE-2025-3495cve-2025-3495 | 0% | live |
| Vulnerability | CVE-2025-40916cve-2025-40916 | 0% | live |
| Vulnerability | CVE-2025-40920cve-2025-40920 | 0% | live |
| Vulnerability | CVE-2025-40925cve-2025-40925 | 0% | live |
| Vulnerability | CVE-2025-40926cve-2025-40926 | 0% | live |
| Vulnerability | CVE-2025-40931cve-2025-40931 | 0% | live |
| Vulnerability | CVE-2025-40932cve-2025-40932 | 0% | live |
| Vulnerability | CVE-2025-59390cve-2025-59390 | 0% | live |
| Vulnerability | CVE-2025-66565cve-2025-66565 | 0% | live |
| Vulnerability | CVE-2025-66630cve-2025-66630 | 0% | live |
| Vulnerability | CVE-2025-67504cve-2025-67504 | 0% | live |
| Vulnerability | CVE-2025-68932cve-2025-68932 | 0% | live |
| Vulnerability | CVE-2025-7394cve-2025-7394 | 0% | live |
| Vulnerability | CVE-2026-2439cve-2026-2439 | 0% | live |
| Vulnerability | CVE-2026-25726cve-2026-25726 | 0% | live |
| Vulnerability | CVE-2026-3256cve-2026-3256 | 0% | live |
| Vulnerability | CVE-2026-41505cve-2026-41505 | 0% | live |
| Vulnerability | CVE-2026-47372cve-2026-47372 | 0% | live |
| Vulnerability | CVE-2026-5085cve-2026-5085 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.