Variant weakness

Draft

CWE-332: Insufficient Entropy in PRNG

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Medium

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

CWE-332 (Insufficient Entropy in PRNG) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

CWE-332: Insufficient Entropy in PRNG

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-332?

What CVEs are caused by CWE-332?

How do you prevent CWE-332?

How is CWE-332 detected?

What are the consequences of CWE-332?

Is CWE-332 actively exploited?

References

Stay ahead of CWE-332

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-332?

What CVEs are caused by CWE-332?

How do you prevent CWE-332?

How is CWE-332 detected?

What are the consequences of CWE-332?

Is CWE-332 actively exploited?

References

Stay ahead of CWE-332