SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CWE

Use of Cryptographically Weak PRNG

Description

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.

Likelihood of Exploit: Medium

Applicable Platforms
Language Class: All

Time Of Introduction

Common Consequences

Scope	Technical Impact	Notes
Access_Control	Bypass protection mechanism	If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality.

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Implementation		Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

Relationships

Related CWE	Type	View	Chain
CWE-338 ChildOf CWE-905	Category	CWE-888

Demonstrative Examples (Details)

Observed Examples

CVE-2009-3278 : Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
CVE-2009-3238 : Random number generator can repeatedly generate the same value.
CVE-2009-2367 : Web application generates predictable session IDs, allowing session hijacking.
CVE-2008-0166 : SSL library uses a weak random number generator that only generates 65,536 unique keys.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
CLASP		Non-cryptographic PRNG

References:

Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 20: Weak Random Numbers." Page 299'. Published on 2010.