[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Use of Cryptographically Weak PRNG

ID: 338Date: (C)2012-05-14   (M)2017-10-12
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.

Likelihood of Exploit: Medium

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Access_Control
 
Bypass protection mechanism
 
If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality.
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Implementation
 
 Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.
 
  

Relationships

Related CWETypeViewChain
CWE-338 ChildOf CWE-905 Category CWE-888  

Demonstrative Examples   (Details)

  1. Both of these examples use a statistical PRNG to generate a random number: (Demonstrative Example Id DX-102)

Observed Examples

  1. CVE-2009-3278 : Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
  2. CVE-2009-3238 : Random number generator can repeatedly generate the same value.
  3. CVE-2009-2367 : Web application generates predictable session IDs, allowing session hijacking.
  4. CVE-2008-0166 : SSL library uses a weak random number generator that only generates 65,536 unique keys.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
CLASP  Non-cryptographic PRNG
 
 

References:

  1. Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 20: Weak Random Numbers." Page 299'. Published on 2010.

© 2013 SecPod Technologies