Détail du CWE-339

CWE-339

Small Seed Space in PRNG
Draft
2006-07-19
00h00 +00:00
2023-10-26
00h00 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Gestion des notifications

Nom: Small Seed Space in PRNG

A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks.

Description du CWE

PRNGs are entirely deterministic once seeded, so it should be extremely difficult to guess the seed. If an attacker can collect the outputs of a PRNG and then brute force the seed by trying every possibility to see which seed matches the observed output, then the attacker will know the output of any subsequent calls to the PRNG. A small seed space implies that the attacker will have far fewer possible values to try to exhaust all possibilities.

Informations générales

Modes d'introduction

Implementation : REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Plateformes applicables

Langue

Class: Not Language-Specific (Undetermined)

Conséquences courantes

Portée Impact Probabilité
OtherVaries by Context

Exemples observés

Références Description

CVE-2019-10908

product generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has only a 48-bit seed.

Mesures d’atténuation potentielles

Phases : Architecture and Design
Use well vetted pseudo-random number generating algorithms with adequate length seeds. Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Phases : Architecture and Design // Requirements
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.

Notes de cartographie des vulnérabilités

Justification : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

NotesNotes

This entry may have a chaining relationship with predictable from observable state (CWE-341).
As of CWE 4.5, terminology related to randomness, entropy, and predictability can vary widely. Within the developer and other communities, "randomness" is used heavily. However, within cryptography, "entropy" is distinct, typically implied as a measurement. There are no commonly-used definitions, even within standards documents and cryptography papers. Future versions of CWE will attempt to define these terms and, if necessary, distinguish between them in ways that are appropriate for different communities but do not reduce the usability of CWE for mapping, understanding, or other scenarios.

Références

REF-267

SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
Information Technology Laboratory, National Institute of Standards and Technology.
https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402.pdf

REF-1192

FIPS PUB 140-3: SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
Information Technology Laboratory, National Institute of Standards and Technology.
https://csrc.nist.gov/publications/detail/fips/140/3/final

Soumission

Nom Organisation Date Date de publication Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifications

Nom Organisation Date Commentaire
Eric Dalci Cigital 2008-07-01 +00:00 updated Time_of_Introduction
CWE Content Team MITRE 2008-09-08 +00:00 updated Maintenance_Notes, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2009-03-10 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2009-12-28 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2010-06-21 +00:00 updated Observed_Examples, Potential_Mitigations
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2011-06-27 +00:00 updated Common_Consequences
CWE Content Team MITRE 2011-09-13 +00:00 updated Potential_Mitigations, References
CWE Content Team MITRE 2012-05-11 +00:00 updated Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2017-11-08 +00:00 updated Applicable_Platforms, Modes_of_Introduction, References, Relationships
CWE Content Team MITRE 2019-06-20 +00:00 updated Type
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2021-03-15 +00:00 updated Maintenance_Notes
CWE Content Team MITRE 2021-07-20 +00:00 updated Demonstrative_Examples, Description, Maintenance_Notes, Observed_Examples, Potential_Mitigations, References
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships, Time_of_Introduction
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2023-10-26 +00:00 updated Demonstrative_Examples