PRNG Seed Error| ID: 335 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Class |
Description
A Pseudo-Random Number Generator (PRNG) uses seeds
incorrectly.
Applicable PlatformsLanguage Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Access_ControlOther | Bypass protection
mechanismOther | if a PRNG is used incorrectly, such as using the same seed for each
initialization or using a predictable seed, then an attacker may be able
to easily guess the seed and thus the random numbers. This could lead to
unauthorized access to a system if the seed is used for authentication
and authorization. |
Detection MethodsNone
Potential MitigationsNone
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-335 ChildOf CWE-905 | Category | CWE-888 | |
Demonstrative ExamplesNone
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| PLOVER | | PRNG Seed Error | |
References:
- Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 20: Weak Random Numbers." Page 299'. Published on 2010.
