Variant weakness

Draft

CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)

A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Given the deterministic nature of PRNGs, using the same seed for each initialization will lead to the same output in the same order. If an attacker can guess (or knows) the seed, then the attacker may be able to determine the random numbers that will be produced from the PRNG.

CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-336?

What CVEs are caused by CWE-336?

How do you prevent CWE-336?

How is CWE-336 detected?

What are the consequences of CWE-336?

Is CWE-336 actively exploited?

References

Stay ahead of CWE-336

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-336?

What CVEs are caused by CWE-336?

How do you prevent CWE-336?

How is CWE-336 detected?

What are the consequences of CWE-336?

Is CWE-336 actively exploited?

References

Stay ahead of CWE-336