CWE-343

Predictable Value Range from Previous Values

The product's random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities for the next value that could be generated.

Mitigation

Description:

  • Increase the entropy used to seed a PRNG.
Mitigation ID: MIT-2

Phases: Architecture and Design, Requirements

Strategy: Libraries or Frameworks

Description:

  • Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
Mitigation ID: MIT-50

Phase: Implementation

Description:

  • Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.
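The following is an added example and not part of the CWE entry: a toy generator that emits its entire internal state, so that any observed output fixes the next one (the weakness above in its strongest form), a check a defender can run to measure how predictable a generator's next output is from its previous one, and the MIT-50 pattern of periodically replacing the generator's state with OS entropy, alongside the recommended fix of using an OS-backed CSPRNG. The generator constants, the `ToyLCG`/`ReseedingLCG` classes and the `prediction_hit_rate` check are all constructed for illustration; no real library's generator is modelled.

```python
import os
import secrets

# Toy linear-congruential constants, constructed for this example only.
A, C, M = 1664525, 1013904223, 2**32


class ToyLCG:
    """Generator that emits its whole state. Since x[n+1] = (A*x[n] + C) mod M,
    one observed output leaves exactly one possibility for the next (CWE-343)."""

    def __init__(self, seed: int) -> None:
        self.state = seed % M

    def next(self) -> int:
        self.state = (A * self.state + C) % M
        return self.state


class ReseedingLCG(ToyLCG):
    """MIT-50 applied to the toy: the same generator, but its state is replaced
    with fresh OS entropy every `interval` outputs. Inferences drawn from earlier
    outputs stop holding at each re-seed. A weak generator plus re-seeding is
    still not a CSPRNG; re-seeding only bounds how long an inference stays valid."""

    def __init__(self, interval: int) -> None:
        super().__init__(int.from_bytes(os.urandom(4), "big"))
        self.interval = interval
        self.emitted = 0

    def next(self) -> int:
        if self.emitted and self.emitted % self.interval == 0:
            self.state = int.from_bytes(os.urandom(4), "big")  # fresh entropy
        self.emitted += 1
        return super().next()


def csprng_next() -> int:
    """The recommended replacement: an OS-backed CSPRNG whose outputs carry no
    observable relation to one another."""
    return secrets.randbelow(M)


def lcg_model(prev: int) -> int:
    """A model of the toy generator: the successor of an observed output."""
    return (A * prev + C) % M


def prediction_hit_rate(next_value, model, trials: int = 64) -> float:
    """Defender's check: feed each observed output to a candidate model and count
    how often the model's value equals the generator's actual next output.
    1.0 means the next value is fully determined by the previous one."""
    prev = next_value()
    hits = 0
    for _ in range(trials):
        cur = next_value()
        if model(prev) == cur:
            hits += 1
        prev = cur
    return hits / trials


def demo() -> dict:
    """Run the check against the weak toy, the re-seeded toy and the CSPRNG."""
    return {
        "toy_lcg": prediction_hit_rate(ToyLCG(seed=12345).next, lcg_model),
        # re-seed every 4 outputs: 16 of the 64 predictions land on a re-seeded
        # output and fail, so the rate drops to 0.75
        "reseeding_lcg": prediction_hit_rate(ReseedingLCG(interval=4).next, lcg_model),
        "csprng": prediction_hit_rate(csprng_next, lcg_model),
    }


if __name__ == "__main__":
    for name, rate in demo().items():
        print(f"{name}: next output predicted from previous {rate:.0%} of the time")
```

The check is generic: pass it any zero-argument `next_value` callable and any candidate model of the generator's recurrence. A rate far above chance is the CWE-343 condition, and the two hardened variants show the difference between bounding the window of predictability (re-seeding) and removing it (a CSPRNG).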

No CAPEC attack patterns related to this CWE.
