Common Weakness Enumeration

CWE-331

Allowed

Insufficient Entropy

Abstraction: Base · Status: Draft

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

207 vulnerabilities reference this CWE, most recent first.

GHSA-CVMX-9H9Q-8HMW

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36
VLAI
Details

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-2625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-27T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users\u0027 sessions.",
  "id": "GHSA-cvmx-9h9q-8hmw",
  "modified": "2022-05-13T01:36:52Z",
  "published": "2022-05-13T01:36:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2625"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1865"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2017-2625"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1424987"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625"
    },
    {
      "type": "WEB",
      "url": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201704-03"
    },
    {
      "type": "WEB",
      "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96480"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037919"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FGHC-HPWQ-XM37

Vulnerability from github – Published: 2026-07-07 09:37 – Updated: 2026-07-07 15:32
VLAI
Details

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-13199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-07T09:16:29Z",
    "severity": "MODERATE"
  },
  "details": "EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the quality of random numbers or delay booting while sufficient entropy is accumulated from other sources.",
  "id": "GHSA-fghc-hpwq-xm37",
  "modified": "2026-07-07T15:32:56Z",
  "published": "2026-07-07T09:37:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13199"
    },
    {
      "type": "WEB",
      "url": "https://github.com/raspberrypi/rpi-eeprom/pull/841"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-13199"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FMG6-246M-9G2V

Vulnerability from github – Published: 2026-04-03 03:41 – Updated: 2026-04-03 03:41
VLAI
Summary
Auth0 laravel-auth0 SDK has Insufficient Entropy in Cookie Encryption
Details

Impact

In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies.

Am I Affected?

You are affected if you meet the following preconditions:

  • Applications using laravel-auth0 SDK, versions between 7.0.0 and 7.20.0
  • Laravel-auth0 SDK using the Auth0-PHP SDK versions between 8.0.0 to 8.18.0.

Resolution

Upgrade Auth0/laravel-auth0 to version 7.21.0 or greater.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 7.20.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "auth0/login"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.21.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-03T03:41:04Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nIn applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies.\n\n### Am I Affected?\nYou are affected if you meet the following preconditions:\n\n- Applications using laravel-auth0 SDK, versions between 7.0.0 and 7.20.0\n- Laravel-auth0 SDK using the Auth0-PHP SDK versions between 8.0.0 to 8.18.0.\n\n\n### Resolution\nUpgrade Auth0/laravel-auth0 to version 7.21.0 or greater.",
  "id": "GHSA-fmg6-246m-9g2v",
  "modified": "2026-04-03T03:41:04Z",
  "published": "2026-04-03T03:41:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/auth0/laravel-auth0/security/advisories/GHSA-fmg6-246m-9g2v"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/auth0/laravel-auth0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Auth0 laravel-auth0 SDK has Insufficient Entropy in Cookie Encryption"
}

GHSA-FPQV-CR66-H6PC

Vulnerability from github – Published: 2026-04-16 18:31 – Updated: 2026-07-14 15:31
VLAI
Details

libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-41080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-16T17:16:54Z",
    "severity": "LOW"
  },
  "details": "libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.",
  "id": "GHSA-fpqv-cr66-h6pc",
  "modified": "2026-07-14T15:31:51Z",
  "published": "2026-04-16T18:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41080"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexpat/libexpat/issues/47"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexpat/libexpat/pull/1183"
    },
    {
      "type": "WEB",
      "url": "https://blog.hartwork.org/posts/expat-2-8-0-released"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/04/26/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/26/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G3HM-J3WC-JCG9

Vulnerability from github – Published: 2025-03-28 03:30 – Updated: 2025-09-05 15:31
VLAI
Details

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1860"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-28T01:15:16Z",
    "severity": "HIGH"
  },
  "details": "Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not\u00a0cryptographically secure,\u00a0for cryptographic functions.",
  "id": "GHSA-g3hm-j3wc-jcg9",
  "modified": "2025-09-05T15:31:06Z",
  "published": "2025-03-28T03:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1860"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80"
    },
    {
      "type": "WEB",
      "url": "https://perldoc.perl.org/functions/rand"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GFJ4-2P4P-M25J

Vulnerability from github – Published: 2025-04-07 15:31 – Updated: 2025-04-07 21:32
VLAI
Details

Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-05T16:15:33Z",
    "severity": "MODERATE"
  },
  "details": "Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically Web::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.",
  "id": "GHSA-gfj4-2p4p-m25j",
  "modified": "2025-04-07T21:32:07Z",
  "published": "2025-04-07T15:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57868"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L20"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L348"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537"
    },
    {
      "type": "WEB",
      "url": "https://perldoc.perl.org/functions/rand"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GHC5-95C2-VWCV

Vulnerability from github – Published: 2026-04-03 03:44 – Updated: 2026-04-03 03:44
VLAI
Summary
Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption
Details

Impact

In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies.

Am I Affected?

Consumers are affected if their application meets the following preconditions: - It uses the Auth0 Symfony SDK, versions between 5.0.0 and 5.7.0 - Auth0 Symfony SDK using the Auth0-PHP SDK versions between 8.0.0 to 8.18.0.

Resolution

Upgrade Auth0/symfony-auth0 to version 5.8.0 or greater.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.7.0"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "auth0/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-03T03:44:13Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nIn applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies.\n\n### Am I Affected?\nConsumers are affected if their application meets the following preconditions:\n- It uses the Auth0 Symfony SDK, versions between 5.0.0 and 5.7.0\n- Auth0 Symfony SDK using the Auth0-PHP SDK versions between 8.0.0 to 8.18.0.\n\n### Resolution\nUpgrade Auth0/symfony-auth0 to version 5.8.0 or greater.",
  "id": "GHSA-ghc5-95c2-vwcv",
  "modified": "2026-04-03T03:44:13Z",
  "published": "2026-04-03T03:44:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/auth0/symfony/security/advisories/GHSA-ghc5-95c2-vwcv"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/auth0/symfony"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Auth0 Symfony SDK has Insufficient Entropy in Cookie Encryption"
}

GHSA-GQ9M-QVPX-68HC

Vulnerability from github – Published: 2019-08-21 16:15 – Updated: 2024-11-19 18:05
VLAI
Summary
Pallets Werkzeug Insufficient Entropy
Details

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "werkzeug"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.15.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-14806"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-08-21T16:01:59Z",
    "nvd_published_at": "2019-08-09T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.",
  "id": "GHSA-gq9m-qvpx-68hc",
  "modified": "2024-11-19T18:05:58Z",
  "published": "2019-08-21T16:15:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14806"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pallets/werkzeug"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2019-140.yaml"
    },
    {
      "type": "WEB",
      "url": "https://palletsprojects.com/blog/werkzeug-0-15-3-released"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Pallets Werkzeug Insufficient Entropy"
}

GHSA-H236-32WJ-MG7X

Vulnerability from github – Published: 2025-04-05 21:30 – Updated: 2025-04-14 18:31
VLAI
Details

Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56370"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-05T19:15:38Z",
    "severity": "MODERATE"
  },
  "details": "Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically Net::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.",
  "id": "GHSA-h236-32wj-mg7x",
  "modified": "2025-04-14T18:31:48Z",
  "published": "2025-04-05T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56370"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L58"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L9"
    },
    {
      "type": "WEB",
      "url": "https://perldoc.perl.org/functions/rand"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H327-V36R-6RGJ

Vulnerability from github – Published: 2024-06-05 21:31 – Updated: 2024-06-05 21:31
VLAI
Details

An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. The baseband software does not properly check format types specified by the RRC. This can lead to a lack of encryption.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49927"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-311",
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-05T19:15:11Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. The baseband software does not properly check format types specified by the RRC. This can lead to a lack of encryption.",
  "id": "GHSA-h327-v36r-6rgj",
  "modified": "2024-06-05T21:31:27Z",
  "published": "2024-06-05T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49927"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.