CWE-338
AllowedUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Abstraction: Base · Status: Draft
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
294 vulnerabilities reference this CWE, most recent first.
CVE-2018-25107 (GCVE-0-2018-25107)
Vulnerability from cvelistv5 – Published: 2024-12-29 00:00 – Updated: 2024-12-31 18:20- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-25107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T18:18:54.677708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T18:20:33.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand() function, which is not a secure source of random bits."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-29T06:23:34.115Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/karenetheridge/Crypt-Random-Source/pull/3"
},
{
"url": "https://metacpan.org/release/ETHER/Crypt-Random-Source-0.13/changes"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-25107",
"datePublished": "2024-12-29T00:00:00.000Z",
"dateReserved": "2024-12-29T00:00:00.000Z",
"dateUpdated": "2024-12-31T18:20:33.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2362 (GCVE-0-2014-2362)
Vulnerability from cvelistv5 – Published: 2014-07-24 14:00 – Updated: 2025-10-06 17:33| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/68797 | vdb-entryx_refsource_BID |
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://support.oleumtech.com/ | |
| http://www.securityfocus.com/bid/68800 | vdb-entryx_refsource_BIDx_transferred |
| http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01 | x_refsource_MISCx_transferred |
| Vendor | Product | Version | |
|---|---|---|---|
| OleumTech | WIO DH2 Wireless Gateway |
Affected:
All versions
|
|
| OleumTech | Sensor Wireless I/O Modules |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "68800",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68800"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WIO DH2 Wireless Gateway",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sensor Wireless I/O Modules",
"vendor": "OleumTech",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucas Apa and Carlos Mario Penagos Hollman of IOActive"
}
],
"datePublic": "2014-07-21T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\nOleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.\n\n\u003c/p\u003e"
}
],
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T17:33:48.282Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "68797",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68797"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-202-01a"
},
{
"url": "http://support.oleumtech.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.oleumtech.com/\"\u003ehttp://support.oleumtech.com/\u003c/a\u003e\u0026nbsp;) or contact OleumTech tech support:\u003cp\u003ePhone: 866-508-8586\u003c/p\u003e\n\u003cp\u003eEmail: \u003ca target=\"_blank\" rel=\"nofollow\"\u003eTechSupport@OleumTech.com\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "OleumTech has created updates for both BreeZ and the gateway to mitigate\n all these vulnerabilities. These updates allow users to encrypt their \nwireless traffic with AES256. To obtain these updates, please log in to \nthe OleumTech download center ( http://support.oleumtech.com/ \u00a0) or contact OleumTech tech support:Phone: 866-508-8586\n\n\nEmail: TechSupport@OleumTech.com"
}
],
"source": {
"advisory": "ICSA-14-202-01",
"discovery": "EXTERNAL"
},
"title": "OleumTech WIO Use of Cryptographically Weak Pseudo-Random Number Generator",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68797"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2362",
"datePublished": "2014-07-24T14:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-06T17:33:48.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4574 (GCVE-0-2011-4574)
Vulnerability from cvelistv5 – Published: 2021-10-27 00:52 – Updated: 2024-08-07 00:09| URL | Tags |
|---|---|
| https://tls.mbed.org/tech-updates/security-adviso… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PolarSSL",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PolarSSL 1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor\u0027s high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T00:52:57.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PolarSSL",
"version": {
"version_data": [
{
"version_value": "PolarSSL 1.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor\u0027s high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-338"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02",
"refsource": "MISC",
"url": "https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4574",
"datePublished": "2021-10-27T00:52:57.000Z",
"dateReserved": "2011-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:09:19.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3280 (GCVE-0-2008-3280)
Vulnerability from cvelistv5 – Published: 2021-05-21 19:23 – Updated: 2024-08-07 09:28| URL | Tags |
|---|---|
| http://lists.openid.net/pipermail/openid-security… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/5720 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:42.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.openid.net/pipermail/openid-security/2008-August/000942.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openid",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-21T19:23:55.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.openid.net/pipermail/openid-security/2008-August/000942.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/5720"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openid",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-338"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.openid.net/pipermail/openid-security/2008-August/000942.html",
"refsource": "MISC",
"url": "http://lists.openid.net/pipermail/openid-security/2008-August/000942.html"
},
{
"name": "https://www.exploit-db.com/exploits/5720",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/5720"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-3280",
"datePublished": "2021-05-21T19:23:55.000Z",
"dateReserved": "2008-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:28:42.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-20002 (GCVE-0-2002-20002)
Vulnerability from cvelistv5 – Published: 2025-01-02 00:00 – Updated: 2025-01-06 21:08- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2002-20002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T21:08:18.044511Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T21:08:29.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Net::EasyTCP package before 0.15 for Perl always uses Perl\u0027s builtin rand(), which is not a strong random number generator, for cryptographic keys."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T05:00:27.855Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"
},
{
"url": "https://github.com/briandfoy/cpan-security-advisory/issues/184"
},
{
"url": "https://metacpan.org/release/MNAGUIB/EasyTCP-0.15/view/EasyTCP.pm"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-20002",
"datePublished": "2025-01-02T00:00:00.000Z",
"dateReserved": "2025-01-02T00:00:00.000Z",
"dateUpdated": "2025-01-06T21:08:29.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-237R-R8M4-4Q88
Vulnerability from github – Published: 2025-01-06 19:23 – Updated: 2026-07-15 21:57Impact
Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source (https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.php#L192). This can leave servers vulnerable to replay attacks when TLS is not used.
Patches
Upgrade to version 0.8.1 or higher.
Workarounds
No.
References
Issue is similar to https://nvd.nist.gov/vuln/detail/CVE-2025-22376.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "guzzlehttp/oauth-subscriber"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-21617"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-06T19:23:26Z",
"nvd_published_at": "2025-01-06T20:15:39Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nNonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source (https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.php#L192). This can leave servers vulnerable to replay attacks when TLS is not used.\n\n### Patches\n\nUpgrade to version 0.8.1 or higher.\n\n### Workarounds\n\nNo.\n\n### References\n\nIssue is similar to https://nvd.nist.gov/vuln/detail/CVE-2025-22376.",
"id": "GHSA-237r-r8m4-4q88",
"modified": "2026-07-15T21:57:55Z",
"published": "2025-01-06T19:23:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/guzzle/oauth-subscriber/security/advisories/GHSA-237r-r8m4-4q88"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21617"
},
{
"type": "WEB",
"url": "https://github.com/guzzle/oauth-subscriber/commit/92b619b03bd21396e51c62e6bce83467d2ce8f53"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/guzzlehttp/oauth-subscriber/CVE-2025-21617.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/guzzle/oauth-subscriber"
},
{
"type": "WEB",
"url": "https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.php#L192"
},
{
"type": "WEB",
"url": "https://github.com/guzzle/oauth-subscriber/releases/tag/0.8.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Guzzle OAuth Subscriber has insufficient nonce entropy"
}
GHSA-23RF-WQ7X-GVQ7
Vulnerability from github – Published: 2025-04-07 15:31 – Updated: 2025-04-07 21:32WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Specifically WebService::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.
{
"affected": [],
"aliases": [
"CVE-2024-52322"
],
"database_specific": {
"cwe_ids": [
"CWE-331",
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-05T17:15:39Z",
"severity": "MODERATE"
},
"details": "WebService::Xero 0.11 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically WebService::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.",
"id": "GHSA-23rf-wq7x-gvq7",
"modified": "2025-04-07T21:32:07Z",
"published": "2025-04-07T15:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52322"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L17"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent.pm#L178"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L13"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/LOCALSHOP/WebService-Xero-0.11/source/lib/WebService/Xero/Agent/PublicApplication.pm#L93"
},
{
"type": "WEB",
"url": "https://perldoc.perl.org/functions/rand"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-257H-H5GH-R9CX
Vulnerability from github – Published: 2022-05-14 03:46 – Updated: 2025-04-20 03:50An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
{
"affected": [],
"aliases": [
"CVE-2017-17845"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-27T17:08:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.",
"id": "GHSA-257h-h5gh-r9cx",
"modified": "2025-04-20T03:50:29Z",
"published": "2022-05-14T03:46:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17845"
},
{
"type": "WEB",
"url": "https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-security-announce/2017/msg00333.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2017/dsa-4070"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/enigmail-users%40enigmail.net/msg04280.html"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/enigmail-users@enigmail.net/msg04280.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-27G5-F3JP-4F93
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2023-06-30 18:31Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.
{
"affected": [],
"aliases": [
"CVE-2021-22948"
],
"database_specific": {
"cwe_ids": [
"CWE-327",
"CWE-338",
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-23T13:15:00Z",
"severity": "HIGH"
},
"details": "Vulnerability in the generation of session IDs in revive-adserver \u003c 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.",
"id": "GHSA-27g5-f3jp-4f93",
"modified": "2023-06-30T18:31:00Z",
"published": "2022-05-24T19:15:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22948"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1187820"
},
{
"type": "WEB",
"url": "https://www.revive-adserver.com/security/revive-sa-2021-005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2C59-FQG7-RWRX
Vulnerability from github – Published: 2026-05-15 12:30 – Updated: 2026-05-15 18:30Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.
Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand() function, the epoch time, and the PID, that is hashed again. These are predictable, low-entropy sources. Predicable session ids could allow an attacker to gain access to systems.
Note that version 1.3.19 has a fallback without warning to use insecure session generation method if the call to Crypt::URandom::urandom fails. However, this is unlikely as Crypt::URandom is a hardcoded requirement of the module.
This issue is similar to CVE-2025-40931 for Apache::Session::Generate::MD5.
{
"affected": [],
"aliases": [
"CVE-2026-8503"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-15T12:17:09Z",
"severity": "MODERATE"
},
"details": "Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.\n\nApache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator returns a SHA-256 hash of the built-in rand() function, the epoch time, and the PID, that is hashed again. These are predictable, low-entropy sources. Predicable session ids could allow an attacker to gain access to systems.\n\nNote that version 1.3.19 has a fallback without warning to use insecure session generation method if the call to Crypt::URandom::urandom fails. However, this is unlikely as Crypt::URandom is a hardcoded requirement of the module.\n\nThis issue is similar to CVE-2025-40931 for Apache::Session::Generate::MD5.",
"id": "GHSA-2c59-fqg7-rwrx",
"modified": "2026-05-15T18:30:33Z",
"published": "2026-05-15T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8503"
},
{
"type": "WEB",
"url": "https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/cc915cbbd266776eec3dd8bf4748b15fa827dbd0.patch"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/GUIMARD/Apache-Session-Browseable-1.3.19/changes"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/GUIMARD/Apache-Session-Browseable-1.3.19/diff/GUIMARD/Apache-Session-Browseable-1.3.18#lib/Apache/Session/Generate/SHA256.pm"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40931"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40932"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.
No CAPEC attack patterns related to this CWE.