CWE-330 Detail

CWE-330

Use of Insufficiently Random Values
Alto
Stable
2006-07-19
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notifiche per un CWE specifico
Rimani informato su qualsiasi modifica relativa a un CWE specifico.
Gestione notifiche

Nome: Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

General Informations

Background Details

Modes Of Introduction

Architecture and Design
Implementation : REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Piattaforme applicabili

Linguaggio

Class: Not Language-Specific (Undetermined)

Tecnologie

Class: Not Technology-Specific (Undetermined)

Conseguenze comuni

Ambito Impatto Probabilità
Confidentiality
Other		Other

Note: When a protection mechanism relies on random values to restrict access to a sensitive resource, such as a session ID or a seed for generating a cryptographic key, then the resource being protected could be accessed by guessing the ID or key.
Access Control
Other		Bypass Protection Mechanism, Other

Note: If product relies on unique, unguessable IDs to identify a resource, an attacker might be able to guess an ID for a resource that is owned by another user. The attacker could then read the resource, or pre-create a resource with the same ID to prevent the legitimate program from properly sending the resource to the intended user. For example, a product might maintain session information in a file whose name is based on a username. An attacker could pre-create this file for a victim user, then set the permissions so that the application cannot generate the session for the victim, preventing the victim from using the application.
Access ControlBypass Protection Mechanism, Gain Privileges or Assume Identity

Note: When an authorization or authentication mechanism relies on random values to restrict access to restricted functionality, such as a session ID or a seed for generating a cryptographic key, then an attacker may access the restricted functionality by guessing the ID or key.

Esempi osservati

Riferimenti Descrizione

CVE-2021-3692

PHP framework uses mt_rand() function (Marsenne Twister) when generating tokens

CVE-2020-7010

Cloud application on Kubernetes generates passwords using a weak random number generator based on deployment time.

CVE-2009-3278

Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.

CVE-2009-3238

Random number generator can repeatedly generate the same value.

CVE-2009-2367

Web application generates predictable session IDs, allowing session hijacking.

CVE-2009-2158

Password recovery utility generates a relatively small number of random passwords, simplifying brute force attacks.

CVE-2009-0255

Cryptographic key created with a seed based on the system time.

CVE-2008-5162

Kernel function does not have a good entropy source just after boot.

CVE-2008-4905

Blogging software uses a hard-coded salt when calculating a password hash.

CVE-2008-4929

Bulletin board application uses insufficiently random names for uploaded files, allowing other users to access private files.

CVE-2008-3612

Handheld device uses predictable TCP sequence numbers, allowing spoofing or hijacking of TCP connections.

CVE-2008-2433

Web management console generates session IDs based on the login time, making it easier to conduct session hijacking.

CVE-2008-0166

SSL library uses a weak random number generator that only generates 65,536 unique keys.

CVE-2008-2108

Chain: insufficient precision causes extra zero bits to be assigned, reducing entropy for an API function that generates random numbers.

CVE-2008-2108

Chain: insufficient precision (CWE-1339) in random-number generator causes some zero bits to be reliably generated, reducing the amount of entropy (CWE-331)

CVE-2008-2020

CAPTCHA implementation does not produce enough different images, allowing bypass using a database of all possible checksums.

CVE-2008-0087

DNS client uses predictable DNS transaction IDs, allowing DNS spoofing.

CVE-2008-0141

Application generates passwords that are based on the time of day.

Potential Mitigations

Phases : Architecture and Design
Phases : Implementation
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Phases : Testing
Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.
Phases : Architecture and Design // Requirements
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
Phases : Testing
Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.

Detection Methods

Black Box

Automated Static Analysis - Binary or Bytecode

Effectiveness : SOAR Partial

Manual Static Analysis - Binary or Bytecode

Effectiveness : SOAR Partial

Dynamic Analysis with Manual Results Interpretation

Effectiveness : SOAR Partial

Manual Static Analysis - Source Code

Effectiveness : High

Automated Static Analysis - Source Code

Effectiveness : SOAR Partial

Architecture or Design Review

Effectiveness : High

Note sulla mappatura delle vulnerabilità

Giustificazione : This CWE entry is a level-1 Class (i.e., a child of a Pillar). It might have lower-level children that would be more appropriate
Commento : Examine children of this entry to see if there is a better fit

Pattern di attacco correlati

CAPEC-ID Nome del pattern di attacco
CAPEC-112 Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485 Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59 Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Note

This can be primary to many other weaknesses such as cryptographic errors, authentication errors, symlink following, information leaks, and others.
As of CWE 4.3, CWE-330 and its descendants are being investigated by the CWE crypto team to identify gaps related to randomness and unpredictability, as well as the relationships between randomness and cryptographic primitives. This "subtree analysis" might result in the addition or deprecation of existing entries; the reorganization of relationships in some views, e.g. the research view (CWE-1000); more consistent use of terminology; and/or significant modifications to related entries.
As of CWE 4.5, terminology related to randomness, entropy, and predictability can vary widely. Within the developer and other communities, "randomness" is used heavily. However, within cryptography, "entropy" is distinct, typically implied as a measurement. There are no commonly-used definitions, even within standards documents and cryptography papers. Future versions of CWE will attempt to define these terms and, if necessary, distinguish between them in ways that are appropriate for different communities but do not reduce the usability of CWE for mapping, understanding, or other scenarios.

Riferimenti

REF-267

FIPS PUB 140-2: SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES
Information Technology Laboratory, National Institute of Standards and Technology.
https://csrc.nist.gov/files/pubs/fips/140-2/upd2/final/docs/fips1402.pdf

REF-207

Building Secure Software: How to Avoid Security Problems the Right Way
John Viega, Gary McGraw.

REF-7

Writing Secure Code
Michael Howard, David LeBlanc.
https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223

REF-44

24 Deadly Sins of Software Security
Michael Howard, David LeBlanc, John Viega.

REF-1479

State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation
Gregory Larsen, E. Kenneth Hong Fong, David A. Wheeler, Rama S. Moorthy.
https://www.ida.org/-/media/feature/publications/s/st/stateoftheart-resources-soar-for-software-vulnerability-detection-test-and-evaluation/p-5061.ashx

Invio

Nome Organizzazione Data Data di rilascio Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifiche

Nome Organizzazione Data Commento
Eric Dalci Cigital 2008-07-01 +00:00 updated Time_of_Introduction
CWE Content Team MITRE 2008-09-08 +00:00 updated Background_Details, Relationships, Other_Notes, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities
CWE Content Team MITRE 2008-11-24 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2009-01-12 +00:00 updated Description, Likelihood_of_Exploit, Other_Notes, Potential_Mitigations, Relationships
CWE Content Team MITRE 2009-03-10 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2009-05-27 +00:00 updated Demonstrative_Examples, Related_Attack_Patterns
CWE Content Team MITRE 2009-12-28 +00:00 updated Applicable_Platforms, Common_Consequences, Description, Observed_Examples, Potential_Mitigations, Time_of_Introduction
CWE Content Team MITRE 2010-02-16 +00:00 updated References, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2010-04-05 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2010-06-21 +00:00 updated Detection_Factors, Potential_Mitigations
CWE Content Team MITRE 2011-03-29 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2011-06-27 +00:00 updated Relationships
CWE Content Team MITRE 2011-09-13 +00:00 updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2012-05-11 +00:00 updated Demonstrative_Examples, Observed_Examples, References, Relationships
CWE Content Team MITRE 2014-02-18 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2014-06-23 +00:00 updated Related_Attack_Patterns
CWE Content Team MITRE 2014-07-30 +00:00 updated Detection_Factors
CWE Content Team MITRE 2015-12-07 +00:00 updated Relationships
CWE Content Team MITRE 2017-11-08 +00:00 updated Functional_Areas, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2018-03-27 +00:00 updated References
CWE Content Team MITRE 2019-01-03 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2019-06-20 +00:00 updated Relationships
CWE Content Team MITRE 2020-02-24 +00:00 updated Applicable_Platforms, Description, Relationships
CWE Content Team MITRE 2021-03-15 +00:00 updated Maintenance_Notes, Relationships
CWE Content Team MITRE 2021-07-20 +00:00 updated Demonstrative_Examples, Maintenance_Notes, Observed_Examples
CWE Content Team MITRE 2021-10-28 +00:00 updated Relationships
CWE Content Team MITRE 2022-10-13 +00:00 updated Observed_Examples, Relationships
CWE Content Team MITRE 2023-01-31 +00:00 updated Common_Consequences, Description
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes, Relationships
CWE Content Team MITRE 2023-10-26 +00:00 updated Observed_Examples
CWE Content Team MITRE 2024-02-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-09-09 +00:00 updated Description, Detection_Factors, Diagram, References
CWE Content Team MITRE 2025-12-11 +00:00 updated Relationships
Le informazioni presentate su CVE Find provengono da diverse fonti di riferimento attentamente selezionate. I dati CVE sono forniti da MITRE Corporation e dal National Vulnerability Database (NVD). Il catalogo delle vulnerabilità sfruttate conosciute (KEV) proviene dalla Cybersecurity and Infrastructure Security Agency (CISA), mentre i punteggi EPSS provengono da FIRST.org. Inoltre, i dati relativi alle vulnerabilità software (CWE) e ai pattern di attacco comuni (CAPEC) sono mantenuti da MITRE Corporation, e le informazioni sulle configurazioni hardware e software (CPE) sono fornite da NVD.