CWE-332: Insufficient Entropy in PRNG
The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.
Last updated
Overview
CWE-332 (Insufficient Entropy in PRNG) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
5 recorded CVEs are caused by CWE-332 (Insufficient Entropy in PRNG). The highest-severity and most recent are shown first. 1 new CWE-332 CVE has been recorded so far in 2026.
- CVE-2023-20107High · CVSS 7.5 · EPSS 50th2023-03-23
- CVE-2019-1715High · CVSS 7.5 · EPSS 75th2019-05-03
- CVE-2016-9154High · CVSS 7.5 · EPSS 71th2016-12-23
- CVE-2026-3290
Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values
High · CVSS 7.4 · EPSS 5th2026-05-14 - CVE-2017-9371Low · CVSS 2.6 · EPSS 53th2017-11-14
Common consequences
What can happen when CWE-332 is exploited.
DoS: Crash, Exit, or Restart
Affects: Availability
If a pseudo-random number generator is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash.
Bypass Protection Mechanism, Other
Affects: Access Control, Other
If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. Potentially a weak source of random numbers could weaken the encryption method used for authentication of users.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-332, grouped by where in the lifecycle they apply.
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output, such as hardware devices.
When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator that always uses strong random data -- i.e., a random number generator that attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally, something that always provides a predictable amount of strength is preferable.
How to detect it
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2019-1715 — security product has insufficient entropy in the DRBG, allowing collisions and private key discovery
Terminology & mappings
Mapped taxonomies
- CLASP: Insufficient entropy in PRNG
- The CERT Oracle Secure Coding Standard for Java (2011): Generate strong random numbers (MSC02-J)
Frequently asked questions
Common questions about CWE-332.
- What is CWE-332?
- The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.
- What CVEs are caused by CWE-332?
- 5 recorded CVEs are attributed to CWE-332, including CVE-2023-20107, CVE-2019-1715, CVE-2016-9154.
- How do you prevent CWE-332?
- Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
- How is CWE-332 detected?
- Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
- What are the consequences of CWE-332?
- Exploiting CWE-332 can lead to: DoS: Crash, Exit, or Restart, Bypass Protection Mechanism, Other.
- Is CWE-332 actively exploited?
- 5 recorded CVEs are caused by CWE-332; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-332) (opens in a new tab)
- CWE-332 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-332
Get alerted the moment a new CWE-332 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.