Common Weakness Enumeration

CWE-332

Allowed

Insufficient Entropy in PRNG

Abstraction: Variant · Status: Draft

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

17 vulnerabilities reference this CWE, most recent first.

GHSA-JJX5-FQ5G-8XPC

Vulnerability from github – Published: 2022-05-17 03:54 – Updated: 2024-02-08 19:37
VLAI
Summary
Symfony Cryptographic Vulnerability
Details

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.6.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/security-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.37"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.6.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.37"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.6.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "symfony/symfony"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-1902"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-332"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-31T23:05:36Z",
    "nvd_published_at": "2016-06-01T22:59:00Z",
    "severity": "HIGH"
  },
  "details": "The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.",
  "id": "GHSA-jjx5-fq5g-8xpc",
  "modified": "2024-02-08T19:37:28Z",
  "published": "2022-05-17T03:54:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1902"
    },
    {
      "type": "WEB",
      "url": "https://github.com/symfony/symfony/pull/17359"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-1902.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-1902.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-1902.yaml"
    },
    {
      "type": "WEB",
      "url": "https://symfony.com/cve-2016-1902"
    },
    {
      "type": "WEB",
      "url": "https://www.landaire.net/blog/cve-2016-1902-symfony-securerandom"
    },
    {
      "type": "WEB",
      "url": "http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3588"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Symfony Cryptographic Vulnerability"
}

GHSA-Q9QR-JWPW-3QVV

Vulnerability from github – Published: 2022-12-28 00:30 – Updated: 2024-05-20 19:42
VLAI
Summary
Golf may allow attacker to bypass CSRF protections due to weak PRNG
Details

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/dinever/golf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-15005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-332",
      "CWE-352"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-30T19:45:18Z",
    "nvd_published_at": "2022-12-27T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.",
  "id": "GHSA-q9qr-jwpw-3qvv",
  "modified": "2024-05-20T19:42:50Z",
  "published": "2022-12-28T00:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-15005"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dinever/golf/issues/20"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dinever/golf/pull/24"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dinever/golf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dinever/golf/releases/tag/v0.3.0"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2020-0045"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Golf may allow attacker to bypass CSRF protections due to weak PRNG"
}

GHSA-R48H-JR2J-9G78

Vulnerability from github – Published: 2022-05-14 03:29 – Updated: 2024-02-21 23:19
VLAI
Summary
HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG
Details

aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/terraform-provider-aws"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.14.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-9057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-332"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-21T23:19:35Z",
    "nvd_published_at": "2018-03-27T18:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.",
  "id": "GHSA-r48h-jr2j-9g78",
  "modified": "2024-02-21T23:19:35Z",
  "published": "2022-05-14T03:29:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9057"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/terraform-provider-aws/pull/3934"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/terraform-provider-aws/pull/3989"
    },
    {
      "type": "WEB",
      "url": "https://github.com/terraform-providers/terraform-provider-aws/pull/3934"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/terraform-provider-aws/commit/efa8cd45c6484ff70b2a515ea7ff06f2459d4ddf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hashicorp/terraform-provider-aws"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hashicorp/terraform-provider-aws/blob/02b039aa82dd7fc6e4a97a0922cc5dbbab724021/resource_aws_iam_user_login_profile.go#L70-L80"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": " HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG "
}

GHSA-RJVV-82RG-PPQH

Vulnerability from github – Published: 2026-05-14 21:30 – Updated: 2026-05-14 21:30
VLAI
Details

Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3290"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-332"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T20:17:04Z",
    "severity": "HIGH"
  },
  "details": "Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values",
  "id": "GHSA-rjvv-82rg-ppqh",
  "modified": "2026-05-14T21:30:44Z",
  "published": "2026-05-14T21:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3290"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SiliconLabs/wiseconnect-wifi-bt-sdk"
    },
    {
      "type": "WEB",
      "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000nIg6IIAS?operationContext=S1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X377-F64P-HF5J

Vulnerability from github – Published: 2022-05-17 04:59 – Updated: 2024-10-21 20:27
VLAI
Summary
PyCrypto does not properly reseed PRNG before allowing access
Details

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pycrypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-1445"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-332"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-22T22:55:06Z",
    "nvd_published_at": "2013-10-26T17:55:00Z",
    "severity": "HIGH"
  },
  "details": "The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.",
  "id": "GHSA-x377-f64p-hf5j",
  "modified": "2024-10-21T20:27:56Z",
  "published": "2022-05-17T04:59:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1445"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pycrypto/pycrypto"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pycrypto/PYSEC-2013-29.yaml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2013/dsa-2781"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/17/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "PyCrypto does not properly reseed PRNG before allowing access"
}

GHSA-XP26-JQRV-CC5R

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:36
VLAI
Details

Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-18486"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-332"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-09T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.",
  "id": "GHSA-xp26-jqrv-cc5r",
  "modified": "2024-04-04T01:36:02Z",
  "published": "2022-05-24T16:52:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18486"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Kc57/JitBit_Helpdesk_Auth_Bypass"
    },
    {
      "type": "WEB",
      "url": "https://packetstormsecurity.com/files/144334/JitBit-Helpdesk-9.0.2-Broken-Authentication.html"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/42776"
    },
    {
      "type": "WEB",
      "url": "https://www.trustedsec.com/2017/09/full-disclosure-jitbit-helpdesk-authentication-bypass-0-day"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XXR9-37W5-WGWC

Vulnerability from github – Published: 2022-05-17 03:02 – Updated: 2022-05-17 03:02
VLAI
Details

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-0016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-332"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-03-24T16:31:00Z",
    "severity": "MODERATE"
  },
  "details": "stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.",
  "id": "GHSA-xxr9-37w5-wgwc",
  "modified": "2022-05-17T03:02:43Z",
  "published": "2022-05-17T03:02:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0016"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/attachment.cgi?id=870826\u0026action=diff"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072180"
    },
    {
      "type": "WEB",
      "url": "https://www.stunnel.org/sdf_ChangeLog.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/05/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/65964"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation MIT-2
Architecture and Design Requirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

Mitigation
Implementation

Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output, such as hardware devices.

Mitigation
Architecture and Design

When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator that always uses strong random data -- i.e., a random number generator that attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally, something that always provides a predictable amount of strength is preferable.

No CAPEC attack patterns related to this CWE.