Common Weakness Enumeration

CWE-330

Discouraged

Use of Insufficiently Random Values

Abstraction: Class · Status: Stable

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

445 vulnerabilities reference this CWE, most recent first.

GHSA-VJ4F-HCGR-4HVJ

Vulnerability from github – Published: 2023-08-15 15:30 – Updated: 2024-04-04 06:57
VLAI
Details

Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-24478"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-15T13:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.",
  "id": "GHSA-vj4f-hcgr-4hvj",
  "modified": "2024-04-04T06:57:42Z",
  "published": "2023-08-15T15:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24478"
    },
    {
      "type": "WEB",
      "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00850.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VP5Q-Q34G-8MCP

Vulnerability from github – Published: 2022-06-24 00:00 – Updated: 2022-07-07 00:00
VLAI
Details

totd before 1.5.3 does not properly randomize mesg IDs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-23T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "totd before 1.5.3 does not properly randomize mesg IDs.",
  "id": "GHSA-vp5q-q34g-8mcp",
  "modified": "2022-07-07T00:00:24Z",
  "published": "2022-06-24T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34295"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fwdillema/totd/releases/tag/1.5.3"
    },
    {
      "type": "WEB",
      "url": "https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner"
    },
    {
      "type": "WEB",
      "url": "http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VP74-83J6-MV6X

Vulnerability from github – Published: 2022-05-17 05:07 – Updated: 2026-06-02 21:30
VLAI
Details

dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-4734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-06-30T19:28:00Z",
    "severity": "HIGH"
  },
  "details": "dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors.",
  "id": "GHSA-vp74-83j6-mv6x",
  "modified": "2026-06-02T21:30:24Z",
  "published": "2022-05-17T05:07:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4734"
    },
    {
      "type": "WEB",
      "url": "http://www.digitalalertsystems.com/pdf/130604-Monroe-Security-PR.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/662676"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/AAMN-98MU7H"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/AAMN-98MUK2"
    },
    {
      "type": "WEB",
      "url": "http://www.monroe-electronics.com/MONROE_ELECTRONICS_PDF/130604-Monroe-Security-PR.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VQF7-7684-3MJQ

Vulnerability from github – Published: 2023-11-30 18:31 – Updated: 2023-11-30 18:31
VLAI
Details

Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6376"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-30T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Henschen \u0026 Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents.\n\n\n",
  "id": "GHSA-vqf7-7684-3mjq",
  "modified": "2023-11-30T18:31:19Z",
  "published": "2023-11-30T18:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6376"
    },
    {
      "type": "WEB",
      "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-Henschen%26Associates.md"
    },
    {
      "type": "WEB",
      "url": "https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"
    },
    {
      "type": "WEB",
      "url": "https://www.henschen.com/government"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VV74-P9WH-MPF3

Vulnerability from github – Published: 2023-09-02 15:30 – Updated: 2024-04-04 07:22
VLAI
Details

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.  

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39979"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-334"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-02T13:15:44Z",
    "severity": "CRITICAL"
  },
  "details": "There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.\u00a0\u00a0\n\n",
  "id": "GHSA-vv74-p9wh-mpf3",
  "modified": "2024-04-04T07:22:18Z",
  "published": "2023-09-02T15:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39979"
    },
    {
      "type": "WEB",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230403-mxsecurity-series-multiple-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VVH5-6Q9P-XQXH

Vulnerability from github – Published: 2022-05-17 00:01 – Updated: 2022-05-26 00:01
VLAI
Details

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-30782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-16T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers.",
  "id": "GHSA-vvh5-6q9p-xqxh",
  "modified": "2022-05-26T00:01:35Z",
  "published": "2022-05-17T00:01:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30782"
    },
    {
      "type": "WEB",
      "url": "https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openmoney/openmoney-api/blob/1b836e5826dfd59145223a8a48e6c45ddb325762/api/helpers/util.helper.js#L6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W3HJ-WR2Q-X83G

Vulnerability from github – Published: 2021-04-06 17:22 – Updated: 2025-12-02 01:28
VLAI
Summary
Discovery uses the same AES/GCM Nonce throughout the session
Details

Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node private key is not compromised, only the session key generated to communicate with an individual peer.

From discovery spec:

The number of messages which can be encrypted with a certain session key is limited because encryption of each message requires a unique nonce for AES-GCM. In addition to the keys, the session cache must also keep track of the count of outgoing messages to ensure the uniqueness of nonce values. Since the wire protocol uses 96 bit AES-GCM nonces, it is strongly recommended to generate them by encoding the current outgoing message count into the first 32 bits of the nonce and filling the remaining 64 bits with random data generated by a cryptographically secure random number generator.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "tech.pegasys.discovery:discovery"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-23688"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323",
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-30T17:04:34Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key.  As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node private key is not compromised, only the session key generated to communicate with an individual peer.\n\nFrom [discovery spec](https://github.com/ethereum/devp2p/blob/f97b8a5b8e9589d3355ebbd9d4a58d5d1644bdf7/discv5/discv5-theory.md#session-cache):\n\u003e The number of messages which can be encrypted with a certain session key is limited because encryption of each message requires a unique nonce for AES-GCM. In addition to the keys, the session cache must also keep track of the count of outgoing messages to ensure the uniqueness of nonce values. Since the wire protocol uses 96 bit AES-GCM nonces, it is strongly recommended to generate them by encoding the current outgoing message count into the first 32 bits of the nonce and filling the remaining 64 bits with random data generated by a cryptographically secure random number generator.",
  "id": "GHSA-w3hj-wr2q-x83g",
  "modified": "2025-12-02T01:28:16Z",
  "published": "2021-04-06T17:22:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23688"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ConsenSys/discovery"
    },
    {
      "type": "WEB",
      "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Discovery uses the same AES/GCM Nonce throughout the session"
}

GHSA-W5C5-F46C-8J6X

Vulnerability from github – Published: 2023-01-13 00:30 – Updated: 2025-04-08 15:30
VLAI
Details

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-12T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.",
  "id": "GHSA-w5c5-f46c-8j6x",
  "modified": "2025-04-08T15:30:38Z",
  "published": "2023-01-13T00:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5242"
    },
    {
      "type": "WEB",
      "url": "https://www.rapid7.com/blog/post/2017/05/17/rapid7-nexpose-virtual-appliance-duplicate-ssh-host-key-cve-2017-5242"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W7J2-35MF-95P7

Vulnerability from github – Published: 2021-08-25 20:52 – Updated: 2022-07-13 20:03
VLAI
Summary
Incorrect check on buffer length in rand_core
Details

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. The vulnerability was introduced in v0.6.0. The advisory doesn't apply to earlier minor version numbers.

Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "rand_core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.6.0"
            },
            {
              "fixed": "0.6.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-27378"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T17:35:01Z",
    "nvd_published_at": "2021-02-18T04:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because `read_u32_into` and `read_u64_into` mishandle certain buffer-length checks, a random number generator may be seeded with too little data. The vulnerability was introduced in v0.6.0. The advisory doesn\u0027t apply to earlier minor version numbers.\n\nBecause read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.",
  "id": "GHSA-w7j2-35mf-95p7",
  "modified": "2022-07-13T20:03:17Z",
  "published": "2021-08-25T20:52:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27378"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-random/rand/pull/1096"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rust-random/rand"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-random/rand/compare/0.6.0...rand_core-0.6.2#diff-f41b3dfa5ce28f3bee390d327c50621e141cf3569921f8e9ca15ccfcf25263a9R19"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-random/rand/compare/0.6.0...rand_core-0.6.2#diff-f41b3dfa5ce28f3bee390d327c50621e141cf3569921f8e9ca15ccfcf25263a9R28"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0023.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Incorrect check on buffer length in rand_core"
}

GHSA-W86Q-6FXQ-GCMR

Vulnerability from github – Published: 2024-01-02 03:30 – Updated: 2024-01-05 12:30
VLAI
Details

In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32831"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-02T03:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.",
  "id": "GHSA-w86q-6fxq-gcmr",
  "modified": "2024-01-05T12:30:19Z",
  "published": "2024-01-02T03:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32831"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/January-2024"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design
  • Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
  • In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
  • Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Implementation

Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.

Mitigation MIT-2
Architecture and Design Requirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

CAPEC-112: Brute Force

In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.

CAPEC-485: Signature Spoofing by Key Recreation

An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.