Class weakness

Stable

CWE-330: Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

135

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

High

Likelihood of exploit

Per MITRE

Class

Abstraction

MITRE classification

Overview

CWE-330 (Use of Insufficiently Random Values) is a class-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Background

Computers are deterministic machines, and as such are unable to produce true randomness. Pseudo-Random Number Generators (PRNGs) approximate randomness algorithmically, starting with a seed from which subsequent values are calculated. There are two types of PRNGs: statistical and cryptographic. Statistical PRNGs provide useful statistical properties, but their output is highly predictable and forms an easy to reproduce numeric stream that is unsuitable for use in cases where security depends on generated values being unpredictable. Cryptographic PRNGs address this problem by generating output that is more difficult to predict. For a value to be cryptographically secure, it must be impossible or highly improbable for an attacker to distinguish between it and a truly random value.

Illustrative examples

Real CVEs that MITRE cites as examples of this weakness.

CVE-2021-3692 — PHP framework uses mt_rand() function (Marsenne Twister) when generating tokens
CVE-2020-7010 — Cloud application on Kubernetes generates passwords using a weak random number generator based on deployment time.
CVE-2009-3278 — Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
CVE-2009-3238 — Random number generator can repeatedly generate the same value.
CVE-2009-2367 — Web application generates predictable session IDs, allowing session hijacking.
CVE-2009-2158 — Password recovery utility generates a relatively small number of random passwords, simplifying brute force attacks.
CVE-2009-0255 — Cryptographic key created with a seed based on the system time.
CVE-2008-5162 — Kernel function does not have a good entropy source just after boot.
CVE-2008-4905 — Blogging software uses a hard-coded salt when calculating a password hash.
CVE-2008-4929 — Bulletin board application uses insufficiently random names for uploaded files, allowing other users to access private files.
CVE-2008-3612 — Handheld device uses predictable TCP sequence numbers, allowing spoofing or hijacking of TCP connections.
CVE-2008-2433 — Web management console generates session IDs based on the login time, making it easier to conduct session hijacking.
CVE-2008-0166 — SSL library uses a weak random number generator that only generates 65,536 unique keys.
CVE-2008-2108 — Chain: insufficient precision causes extra zero bits to be assigned, reducing entropy for an API function that generates random numbers.
CVE-2008-2108 — Chain: insufficient precision (CWE-1339) in random-number generator causes some zero bits to be reliably generated, reducing the amount of entropy (CWE-331)
CVE-2008-2020 — CAPTCHA implementation does not produce enough different images, allowing bypass using a database of all possible checksums.
CVE-2008-0087 — DNS client uses predictable DNS transaction IDs, allowing DNS spoofing.
CVE-2008-0141 — Application generates passwords that are based on the time of day.

CWE-330: Use of Insufficiently Random Values

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Black Box

Automated Static Analysis - Binary or Bytecode

Manual Static Analysis - Binary or Bytecode

Dynamic Analysis with Manual Results Interpretation

Manual Static Analysis - Source Code

Automated Static Analysis - Source Code

Architecture or Design Review

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-330?

What CVEs are caused by CWE-330?

Is CWE-330 part of the OWASP Top 10?

How do you prevent CWE-330?

How is CWE-330 detected?

What are the consequences of CWE-330?

Is CWE-330 actively exploited?

References

Stay ahead of CWE-330

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Black Box

Automated Static Analysis - Binary or Bytecode

Manual Static Analysis - Binary or Bytecode

Dynamic Analysis with Manual Results Interpretation

Manual Static Analysis - Source Code

Automated Static Analysis - Source Code

Architecture or Design Review

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Can precede

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-330?

What CVEs are caused by CWE-330?

Is CWE-330 part of the OWASP Top 10?

How do you prevent CWE-330?

How is CWE-330 detected?

What are the consequences of CWE-330?

Is CWE-330 actively exploited?

References

Stay ahead of CWE-330