CWE-332
AllowedInsufficient Entropy in PRNG
Abstraction: Variant · Status: Draft
The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.
17 vulnerabilities reference this CWE, most recent first.
GHSA-JJX5-FQ5G-8XPC
Vulnerability from github – Published: 2022-05-17 03:54 – Updated: 2024-02-08 19:37The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.6.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.37"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.6.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/security"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.37"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.6.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "symfony/symfony"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-1902"
],
"database_specific": {
"cwe_ids": [
"CWE-332"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-31T23:05:36Z",
"nvd_published_at": "2016-06-01T22:59:00Z",
"severity": "HIGH"
},
"details": "The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.",
"id": "GHSA-jjx5-fq5g-8xpc",
"modified": "2024-02-08T19:37:28Z",
"published": "2022-05-17T03:54:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1902"
},
{
"type": "WEB",
"url": "https://github.com/symfony/symfony/pull/17359"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security-core/CVE-2016-1902.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2016-1902.yaml"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2016-1902.yaml"
},
{
"type": "WEB",
"url": "https://symfony.com/cve-2016-1902"
},
{
"type": "WEB",
"url": "https://www.landaire.net/blog/cve-2016-1902-symfony-securerandom"
},
{
"type": "WEB",
"url": "http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3588"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Symfony Cryptographic Vulnerability"
}
GHSA-Q9QR-JWPW-3QVV
Vulnerability from github – Published: 2022-12-28 00:30 – Updated: 2024-05-20 19:42CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/dinever/golf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-15005"
],
"database_specific": {
"cwe_ids": [
"CWE-332",
"CWE-352"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-30T19:45:18Z",
"nvd_published_at": "2022-12-27T22:15:00Z",
"severity": "HIGH"
},
"details": "CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.",
"id": "GHSA-q9qr-jwpw-3qvv",
"modified": "2024-05-20T19:42:50Z",
"published": "2022-12-28T00:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-15005"
},
{
"type": "WEB",
"url": "https://github.com/dinever/golf/issues/20"
},
{
"type": "WEB",
"url": "https://github.com/dinever/golf/pull/24"
},
{
"type": "WEB",
"url": "https://github.com/dinever/golf/commit/3776f338be48b5bc5e8cf9faff7851fc52a3f1fe"
},
{
"type": "PACKAGE",
"url": "https://github.com/dinever/golf"
},
{
"type": "WEB",
"url": "https://github.com/dinever/golf/releases/tag/v0.3.0"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2020-0045"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Golf may allow attacker to bypass CSRF protections due to weak PRNG"
}
GHSA-R48H-JR2J-9G78
Vulnerability from github – Published: 2022-05-14 03:29 – Updated: 2024-02-21 23:19aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/terraform-provider-aws"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-9057"
],
"database_specific": {
"cwe_ids": [
"CWE-332"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-21T23:19:35Z",
"nvd_published_at": "2018-03-27T18:29:00Z",
"severity": "CRITICAL"
},
"details": "aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.",
"id": "GHSA-r48h-jr2j-9g78",
"modified": "2024-02-21T23:19:35Z",
"published": "2022-05-14T03:29:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9057"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/terraform-provider-aws/pull/3934"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/terraform-provider-aws/pull/3989"
},
{
"type": "WEB",
"url": "https://github.com/terraform-providers/terraform-provider-aws/pull/3934"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/terraform-provider-aws/commit/efa8cd45c6484ff70b2a515ea7ff06f2459d4ddf"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/terraform-provider-aws"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/terraform-provider-aws/blob/02b039aa82dd7fc6e4a97a0922cc5dbbab724021/resource_aws_iam_user_login_profile.go#L70-L80"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": " HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG "
}
GHSA-RJVV-82RG-PPQH
Vulnerability from github – Published: 2026-05-14 21:30 – Updated: 2026-05-14 21:30Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values
{
"affected": [],
"aliases": [
"CVE-2026-3290"
],
"database_specific": {
"cwe_ids": [
"CWE-332"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-14T20:17:04Z",
"severity": "HIGH"
},
"details": "Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values",
"id": "GHSA-rjvv-82rg-ppqh",
"modified": "2026-05-14T21:30:44Z",
"published": "2026-05-14T21:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3290"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs/wiseconnect-wifi-bt-sdk"
},
{
"type": "WEB",
"url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm00000nIg6IIAS?operationContext=S1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X377-F64P-HF5J
Vulnerability from github – Published: 2022-05-17 04:59 – Updated: 2024-10-21 20:27The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pycrypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-1445"
],
"database_specific": {
"cwe_ids": [
"CWE-332"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-22T22:55:06Z",
"nvd_published_at": "2013-10-26T17:55:00Z",
"severity": "HIGH"
},
"details": "The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.",
"id": "GHSA-x377-f64p-hf5j",
"modified": "2024-10-21T20:27:56Z",
"published": "2022-05-17T04:59:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1445"
},
{
"type": "WEB",
"url": "https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175"
},
{
"type": "PACKAGE",
"url": "https://github.com/pycrypto/pycrypto"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pycrypto/PYSEC-2013-29.yaml"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2781"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/10/17/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "PyCrypto does not properly reseed PRNG before allowing access"
}
GHSA-XP26-JQRV-CC5R
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:36Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.
{
"affected": [],
"aliases": [
"CVE-2017-18486"
],
"database_specific": {
"cwe_ids": [
"CWE-332"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-09T17:15:00Z",
"severity": "HIGH"
},
"details": "Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.",
"id": "GHSA-xp26-jqrv-cc5r",
"modified": "2024-04-04T01:36:02Z",
"published": "2022-05-24T16:52:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18486"
},
{
"type": "WEB",
"url": "https://github.com/Kc57/JitBit_Helpdesk_Auth_Bypass"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/144334/JitBit-Helpdesk-9.0.2-Broken-Authentication.html"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/42776"
},
{
"type": "WEB",
"url": "https://www.trustedsec.com/2017/09/full-disclosure-jitbit-helpdesk-authentication-bypass-0-day"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XXR9-37W5-WGWC
Vulnerability from github – Published: 2022-05-17 03:02 – Updated: 2022-05-17 03:02stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.
{
"affected": [],
"aliases": [
"CVE-2014-0016"
],
"database_specific": {
"cwe_ids": [
"CWE-332"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2014-03-24T16:31:00Z",
"severity": "MODERATE"
},
"details": "stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for EC (ECDSA) or DSA certificates.",
"id": "GHSA-xxr9-37w5-wgwc",
"modified": "2022-05-17T03:02:43Z",
"published": "2022-05-17T03:02:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0016"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=870826\u0026action=diff"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072180"
},
{
"type": "WEB",
"url": "https://www.stunnel.org/sdf_ChangeLog.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/03/05/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/65964"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
Mitigation
Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output, such as hardware devices.
Mitigation
When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator that always uses strong random data -- i.e., a random number generator that attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally, something that always provides a predictable amount of strength is preferable.
No CAPEC attack patterns related to this CWE.