CWE-334

Small Space of Random Values

The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.

Mitigation ID: MIT-2

Phases: Architecture and Design, Requirements

Strategy: Libraries or Frameworks

Description:

  • Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
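To make "smaller than needed" measurable, the following added example (not part of the CWE entry) sizes an identifier's value space and generates a token that meets a minimum size. The 128-bit threshold and all function names are assumptions made for illustration. Python's `secrets` module stands in for an approved generator; whether the underlying OS generator is FIPS 140-2 validated depends on the platform.

```python
import math
import secrets
import string

# Assumed policy for this example (not stated in the CWE entry).
MIN_BITS = 128

def space_size(alphabet_size: int, length: int) -> int:
    """Number of distinct values, assuming uniform, independent symbols."""
    return alphabet_size ** length

def space_bits(alphabet_size: int, length: int) -> float:
    """The same space expressed in bits, for comparison against MIN_BITS."""
    return math.log2(space_size(alphabet_size, length))

def expected_guesses(space: int, live_values: int = 1) -> float:
    """Mean guesses (without repeats) until any one of `live_values` valid
    values is hit. More values in use means a smaller effective space."""
    return (space + 1) / (live_values + 1)

def required_length(alphabet_size: int, min_bits: int = MIN_BITS) -> int:
    """Smallest length whose space is at least 2**min_bits (integer math)."""
    if alphabet_size < 2:
        raise ValueError("alphabet needs at least two symbols")
    length = 1
    while alphabet_size ** length < 2 ** min_bits:
        length += 1
    return length

def generate_token(alphabet: str = string.ascii_letters + string.digits,
                   min_bits: int = MIN_BITS) -> str:
    """Token drawn from the OS CSPRNG, long enough to cover min_bits."""
    symbols = sorted(set(alphabet))  # duplicates would skew the distribution
    length = required_length(len(symbols), min_bits)
    return "".join(secrets.choice(symbols) for _ in range(length))

if __name__ == "__main__":
    # Constructed case: a 6-digit numeric identifier with 999 values in use.
    weak = space_size(10, 6)
    print(f"6 digits: {space_bits(10, 6):.1f} bits of space")
    print(f"mean guesses, 1 live value:    {expected_guesses(weak, 1):,.1f}")
    print(f"mean guesses, 999 live values: {expected_guesses(weak, 999):,.1f}")
    print(f"digits needed for {MIN_BITS} bits: {required_length(10)}")
    print(f"generated token: {generate_token()}")
```

The space size is only an upper bound on unpredictability: a large space filled by a predictable generator is still guessable.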

No CAPEC attack patterns related to this CWE.
