CWE-338
AllowedUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Abstraction: Base · Status: Draft
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
293 vulnerabilities reference this CWE, most recent first.
GHSA-83P3-3FRH-4FJJ
Vulnerability from github – Published: 2022-06-16 00:00 – Updated: 2022-06-28 00:00A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-20817"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-15T18:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.",
"id": "GHSA-83p3-3frh-4fjj",
"modified": "2022-06-28T00:00:46Z",
"published": "2022-06-16T00:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20817"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-868P-JHQW-WRGR
Vulnerability from github – Published: 2025-07-16 15:32 – Updated: 2025-11-05 00:31Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely.
The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.
Predicable session ids could allow an attacker to gain access to systems.
{
"affected": [],
"aliases": [
"CVE-2025-40923"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-16T13:15:23Z",
"severity": "HIGH"
},
"details": "Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely.\n\nThe default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nPredicable session ids could allow an attacker to gain access to systems.",
"id": "GHSA-868p-jhqw-wrgr",
"modified": "2025-11-05T00:31:21Z",
"published": "2025-07-16T15:32:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40923"
},
{
"type": "WEB",
"url": "https://github.com/plack/Plack-Middleware-Session/pull/52"
},
{
"type": "WEB",
"url": "https://github.com/plack/Plack-Middleware-Session/commit/1fbfbb355e34e7f4b3906f66cf958cedadd2b9be.patch"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/MIYAGAWA/Plack-Middleware-Session-0.34/source/lib/Plack/Session/State.pm#L22"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/16/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-869W-QXF5-5Q39
Vulnerability from github – Published: 2026-02-13 00:32 – Updated: 2026-02-17 15:31WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
{
"affected": [],
"aliases": [
"CVE-2025-40905"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-13T00:16:03Z",
"severity": "HIGH"
},
"details": "WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.",
"id": "GHSA-869w-qxf5-5q39",
"modified": "2026-02-17T15:31:34Z",
"published": "2026-02-13T00:32:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40905"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/DBOOK/WWW-OAuth-1.000/source/lib/WWW/OAuth.pm#L86"
},
{
"type": "WEB",
"url": "https://perldoc.perl.org/functions/rand"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/02/13/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-86G8-6G97-8FHV
Vulnerability from github – Published: 2022-05-14 01:51 – Updated: 2022-05-14 01:51A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.
{
"affected": [],
"aliases": [
"CVE-2018-17968"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-23T21:30:00Z",
"severity": "HIGH"
},
"details": "A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from the Ethereum blockchain. This can be predicted by writing the same random function code in an exploit contract to determine the deadSeat value.",
"id": "GHSA-86g8-6g97-8fhv",
"modified": "2022-05-14T01:51:54Z",
"published": "2022-05-14T01:51:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17968"
},
{
"type": "WEB",
"url": "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17968"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8CGR-4WGX-XQX4
Vulnerability from github – Published: 2022-05-14 01:46 – Updated: 2022-05-14 01:46The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages).
{
"affected": [],
"aliases": [
"CVE-2018-12975"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-24T22:29:00Z",
"severity": "HIGH"
},
"details": "The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block\u0027s blockhash, and a private variable (which can be read with a getStorageAt call). Therefore, attackers can precompute the random number and manipulate the game (e.g., get powerful characters or get critical damages).",
"id": "GHSA-8cgr-4wgx-xqx4",
"modified": "2022-05-14T01:46:48Z",
"published": "2022-05-14T01:46:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12975"
},
{
"type": "WEB",
"url": "https://medium.com/@jonghyk.song/create-legendary-champs-by-breaking-prng-of-cryptosaga-an-ethereum-rpg-game-cve-2018-12975-8de733ff8255"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8V9H-M7PJ-HX7C
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-02-12 11:46A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-7860"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-17T20:57:19Z",
"nvd_published_at": "2019-08-02T22:15:00Z",
"severity": "HIGH"
},
"details": "A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.",
"id": "GHSA-8v9h-m7pj-hx7c",
"modified": "2024-02-12T11:46:03Z",
"published": "2022-05-24T16:52:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7860"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7860.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/magento/magento2"
},
{
"type": "WEB",
"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20220121011306/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Magento 2 Community Edition Weak PRNG"
}
GHSA-8VX9-59H6-X23V
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.
{
"affected": [],
"aliases": [
"CVE-2016-10180"
],
"database_specific": {
"cwe_ids": [
"CWE-1241",
"CWE-330",
"CWE-335",
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-30T04:59:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.",
"id": "GHSA-8vx9-59h6-x23v",
"modified": "2022-05-13T01:10:32Z",
"published": "2022-05-13T01:10:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10180"
},
{
"type": "WEB",
"url": "https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95877"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-94W5-83FG-VHGC
Vulnerability from github – Published: 2023-03-28 21:30 – Updated: 2023-04-05 03:30Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product.
{
"affected": [],
"aliases": [
"CVE-2023-28395"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-28T20:15:00Z",
"severity": "HIGH"
},
"details": "Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product.",
"id": "GHSA-94w5-83fg-vhgc",
"modified": "2023-04-05T03:30:18Z",
"published": "2023-03-28T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28395"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-082-06"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-94WC-GX8C-8825
Vulnerability from github – Published: 2022-07-07 00:00 – Updated: 2022-07-16 00:00OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal
{
"affected": [],
"aliases": [
"CVE-2022-33738"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-06T16:15:00Z",
"severity": "HIGH"
},
"details": "OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal",
"id": "GHSA-94wc-gx8c-8825",
"modified": "2022-07-16T00:00:30Z",
"published": "2022-07-07T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33738"
},
{
"type": "WEB",
"url": "https://openvpn.net/vpn-server-resources/release-notes/#openvpn-access-server-2-11-0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-97P2-62HQ-G269
Vulnerability from github – Published: 2026-04-30 12:33 – Updated: 2026-04-30 21:30Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely.
The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times.
The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations.
The epoch time can be guessed by an attacker, and may be leaked in the HTTP header.
The process id comes from a small set of numbers, and workers may have sequential process ids.
The built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications.
Predictable session ids could allow an attacker to gain access to systems.
{
"affected": [],
"aliases": [
"CVE-2026-5080"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T12:16:24Z",
"severity": "MODERATE"
},
"details": "Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely.\n\nThe session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times.\n\nThe path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations.\n\nThe epoch time can be guessed by an attacker, and may be leaked in the HTTP header.\n\nThe process id comes from a small set of numbers, and workers may have sequential process ids.\n\nThe built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications.\n\nPredictable session ids could allow an attacker to gain access to systems.",
"id": "GHSA-97p2-62hq-g269",
"modified": "2026-04-30T21:30:35Z",
"published": "2026-04-30T12:33:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5080"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/BIGPRESH/Dancer-1.3522/source/lib/Dancer/Session/Abstract.pm#L85-102"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/patches/D/Dancer/1.3522/CVE-2026-5080-r1.patch"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/19"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.
No CAPEC attack patterns related to this CWE.