CWE-330
DiscouragedUse of Insufficiently Random Values
Abstraction: Class · Status: Stable
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
445 vulnerabilities reference this CWE, most recent first.
GHSA-W9VX-9MGG-M33X
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.
{
"affected": [],
"aliases": [
"CVE-2020-27264"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-19T21:15:00Z",
"severity": "HIGH"
},
"details": "In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.",
"id": "GHSA-w9vx-9mgg-m33x",
"modified": "2022-05-24T17:39:27Z",
"published": "2022-05-24T17:39:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27264"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WGJ9-CWMQ-97X8
Vulnerability from github – Published: 2022-09-27 00:00 – Updated: 2025-05-21 18:32ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.
{
"affected": [],
"aliases": [
"CVE-2022-38970"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-26T11:15:00Z",
"severity": "MODERATE"
},
"details": "ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.",
"id": "GHSA-wgj9-cwmq-97x8",
"modified": "2025-05-21T18:32:58Z",
"published": "2022-09-27T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38970"
},
{
"type": "WEB",
"url": "https://www.realinfosec.net/cybersecurity-news/iegeek-vulnerabilities-still-prevalent-in-2022-amazon-ft-ig20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WGMQ-9F68-5PJW
Vulnerability from github – Published: 2022-07-13 00:01 – Updated: 2022-07-17 00:00Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device.
{
"affected": [],
"aliases": [
"CVE-2022-33707"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-12T14:15:00Z",
"severity": "MODERATE"
},
"details": "Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device.",
"id": "GHSA-wgmq-9f68-5pjw",
"modified": "2022-07-17T00:00:46Z",
"published": "2022-07-13T00:01:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33707"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WH3J-424Q-CVPJ
Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-16 00:01In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
{
"affected": [],
"aliases": [
"CVE-2022-29035"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-11T19:15:00Z",
"severity": "MODERATE"
},
"details": "In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren\u0027t using SecureRandom implementations",
"id": "GHSA-wh3j-424q-cvpj",
"modified": "2022-04-16T00:01:07Z",
"published": "2022-04-12T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29035"
},
{
"type": "WEB",
"url": "https://github.com/ktorio/ktor/pull/2776"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WP4M-7HPJ-8QP8
Vulnerability from github – Published: 2024-01-20 00:30 – Updated: 2025-12-02 00:28Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-w3hj-wr2q-x83g. This link is maintained to preserve external references.
Original Description
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "tech.pegasys.discovery:discovery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-323",
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-02T00:28:45Z",
"nvd_published_at": "2024-01-19T22:15:08Z",
"severity": "MODERATE"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-w3hj-wr2q-x83g. This link is maintained to preserve external references.\n\n### Original Description\nConsensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node\u0027s private key isn\u0027t compromised, only the session key generated for specific peer communication is exposed.",
"id": "GHSA-wp4m-7hpj-8qp8",
"modified": "2025-12-02T00:28:45Z",
"published": "2024-01-20T00:30:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23688"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-w3hj-wr2q-x83g"
},
{
"type": "WEB",
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Discovery uses the same AES/GCM Nonce throughout the session",
"withdrawn": "2025-12-02T00:28:45Z"
}
GHSA-WRR7-JQ3Q-5WXJ
Vulnerability from github – Published: 2022-05-01 23:45 – Updated: 2024-02-14 18:30The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.
{
"affected": [],
"aliases": [
"CVE-2008-2020"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-04-30T01:07:00Z",
"severity": "MODERATE"
},
"details": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.",
"id": "GHSA-wrr7-jq3q-5wxj",
"modified": "2024-02-14T18:30:23Z",
"published": "2022-05-01T23:45:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2020"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
},
{
"type": "WEB",
"url": "http://securityreason.com/securityalert/3834"
},
{
"type": "WEB",
"url": "http://www.rooksecurity.com/blog/?p=6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/28877"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WVCG-5HX9-98XW
Vulnerability from github – Published: 2023-01-11 09:30 – Updated: 2023-01-19 00:30A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure.
{
"affected": [],
"aliases": [
"CVE-2021-26407"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-11T08:15:00Z",
"severity": "MODERATE"
},
"details": "A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure.",
"id": "GHSA-wvcg-5hx9-98xw",
"modified": "2023-01-19T00:30:31Z",
"published": "2023-01-11T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26407"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WWVV-X5MQ-H3JJ
Vulnerability from github – Published: 2021-09-01 18:35 – Updated: 2021-08-30 20:28yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "yiisoft/yii2-dev"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.43"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3692"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-30T20:28:42Z",
"nvd_published_at": "2021-08-10T17:15:00Z",
"severity": "MODERATE"
},
"details": "yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator",
"id": "GHSA-wwvv-x5mq-h3jj",
"modified": "2021-08-30T20:28:42Z",
"published": "2021-09-01T18:35:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3692"
},
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46"
},
{
"type": "PACKAGE",
"url": "https://github.com/yiisoft/yii2"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/55517f19-5c28-4db2-8b00-f78f841e8aba"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev"
}
GHSA-WX8F-MRRP-3FV2
Vulnerability from github – Published: 2022-05-13 01:50 – Updated: 2022-05-13 01:50An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.
{
"affected": [],
"aliases": [
"CVE-2018-16239"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-30T22:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.",
"id": "GHSA-wx8f-mrrp-3fv2",
"modified": "2022-05-13T01:50:20Z",
"published": "2022-05-13T01:50:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16239"
},
{
"type": "WEB",
"url": "https://github.com/howchen/howchen/issues/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WXV4-3Q58-W3MX
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
{
"affected": [],
"aliases": [
"CVE-2017-13077"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-17T02:29:00Z",
"severity": "MODERATE"
},
"details": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
"id": "GHSA-wxv4-3q58-w3mx",
"modified": "2025-04-20T03:46:52Z",
"published": "2022-05-13T01:43:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13077"
},
{
"type": "WEB",
"url": "https://www.krackattacks.com"
},
{
"type": "WEB",
"url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
},
{
"type": "WEB",
"url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03792en_us"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208222"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208221"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208220"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208219"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-06-01"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201711-03"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00015.html"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-003"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/vulnerabilities/kracks"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2911"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2907"
},
{
"type": "WEB",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3999"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/228519"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101274"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039573"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039576"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039577"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039578"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039581"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039585"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041432"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3455-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.