Base · Draft

CWE-342: Predictable Exact Value from Previous Values

Category: other

Description

An exact value or random number can be precisely predicted by observing previous values.

Common consequences · 1

  • Other — Varies by Context

Potential mitigations · 3

  • Increase the entropy used to seed a PRNG.
  • [Architecture and Design, Requirements] Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
  • [Implementation] Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.
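
The weakness next to a hardened form, as an added example that is not part of the MITRE entry: a constructed token source whose output is its whole internal state, a CSPRNG-backed replacement, and a check that measures how much of a token stream is determined by the value before it. `WeakTokenSource`, `lcg_successor`, `strong_token`, `predictable_fraction` and the LCG constants are assumptions chosen for illustration.

```python
import secrets

# Constructed weak generator: a linear congruential generator (LCG).
# Each token it returns IS its entire internal state.
A, C, M = 1103515245, 12345, 2**31  # textbook LCG constants, chosen for illustration


class WeakTokenSource:
    """Hypothetical token issuer with the CWE-342 weakness."""

    def __init__(self, seed):
        self.state = seed % M

    def next_token(self):
        self.state = (A * self.state + C) % M
        return self.state


def lcg_successor(token):
    """Value the LCG would emit right after `token`; needs no seed or secret."""
    return (A * token + C) % M


def strong_token():
    """Hardened form: value drawn from the OS CSPRNG, independent of history.
    Kept at 31 bits only to match the weak source; real tokens need >= 128 bits."""
    return secrets.randbits(31)


def predictable_fraction(tokens, successor):
    """Share of tokens exactly equal to successor(previous token).
    1.0 means the stream is fully determined by earlier output."""
    pairs = list(zip(tokens, tokens[1:]))
    return sum(successor(prev) == cur for prev, cur in pairs) / len(pairs)


if __name__ == "__main__":
    src = WeakTokenSource(seed=2024)
    weak = [src.next_token() for _ in range(200)]
    strong = [strong_token() for _ in range(200)]
    print("weak  :", predictable_fraction(weak, lcg_successor))
    print("strong:", predictable_fraction(strong, lcg_successor))
```

Raising the seed entropy alone does not change the weak result: the seed never enters `lcg_successor`, which is why the mitigations also call for an approved generator.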

References

  1. https://cwe.mitre.org/data/definitions/342.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Predictable from Observable State
  • CWE: Predictable Value Range from Previous Values
  • CWE: Use of Predictable Algorithm in Random Number Generator
  • CWE: Insufficient Entropy
  • CWE: Predictable Seed in Pseudo-Random Number Generator (PRNG)
  • CWE: Use of Invariant Value in Dynamically Changing Context

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.