CWE-338
AllowedUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Abstraction: Base · Status: Draft
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
293 vulnerabilities reference this CWE, most recent first.
GHSA-98R5-R223-6XWF
Vulnerability from github – Published: 2026-03-05 03:31 – Updated: 2026-03-05 21:30Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.
Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.
Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.
{
"affected": [],
"aliases": [
"CVE-2024-57854"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-05T03:15:53Z",
"severity": "CRITICAL"
},
"details": "Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.\n\nVersion v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.\n\nData::Rand::Obscure uses Perl\u0027s built-in rand() function, which is not suitable for cryptographic functions.",
"id": "GHSA-98r5-r223-6xwf",
"modified": "2026-03-05T21:30:38Z",
"published": "2026-03-05T03:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57854"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119"
},
{
"type": "WEB",
"url": "https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/05/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-99F2-VHMM-9FW8
Vulnerability from github – Published: 2025-01-02 06:30 – Updated: 2025-04-08 09:31The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.
{
"affected": [],
"aliases": [
"CVE-2024-56830"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-02T05:15:07Z",
"severity": "MODERATE"
},
"details": "The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl\u0027s builtin rand() if no strong randomization module is present.",
"id": "GHSA-99f2-vhmm-9fw8",
"modified": "2025-04-08T09:31:09Z",
"published": "2025-01-02T06:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56830"
},
{
"type": "WEB",
"url": "https://github.com/briandfoy/cpan-security-advisory/issues/184"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00015.html"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9FP2-68JW-464M
Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-16 00:01The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.
{
"affected": [],
"aliases": [
"CVE-2022-0828"
],
"database_specific": {
"cwe_ids": [
"CWE-326",
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-11T15:15:00Z",
"severity": "HIGH"
},
"details": "The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.",
"id": "GHSA-9fp2-68jw-464m",
"modified": "2022-04-16T00:01:10Z",
"published": "2022-04-12T00:00:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0828"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/7f0742ad-6fd7-4258-9e44-d42e138789bb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9GWW-CR64-679C
Vulnerability from github – Published: 2026-02-17 00:30 – Updated: 2026-02-17 15:31Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,
- There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.
- The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.
- UUIDs are identifiers whose mere possession grants access, as per RFC 9562.
- The output of the built-in rand() function is predictable and unsuitable for security applications.
{
"affected": [],
"aliases": [
"CVE-2026-2439"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-16T22:22:41Z",
"severity": "CRITICAL"
},
"details": "Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl\u0027s built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,\n\n * There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.\n * The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.\n * UUIDs are identifiers whose mere possession grants access, as per RFC 9562.\n * The output of the built-in rand() function is predictable and unsuitable for security applications.",
"id": "GHSA-9gww-cr64-679c",
"modified": "2026-02-17T15:31:35Z",
"published": "2026-02-17T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2439"
},
{
"type": "WEB",
"url": "https://github.com/bwva/Concierge-Sessions/commit/20bb28e92e8fba307c4ff8264701c215be65e73b"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/BVA/Concierge-Sessions-v0.8.4/diff/BVA/Concierge-Sessions-v0.8.5#lib/Concierge/Sessions/Base.pm"
},
{
"type": "WEB",
"url": "https://perldoc.perl.org/5.42.0/functions/rand"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
},
{
"type": "WEB",
"url": "https://www.rfc-editor.org/rfc/rfc9562.html#name-security-considerations"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9Q2F-7HM7-62H6
Vulnerability from github – Published: 2022-09-19 00:00 – Updated: 2022-09-22 00:00profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
{
"affected": [],
"aliases": [
"CVE-2022-40769"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-18T17:15:00Z",
"severity": "HIGH"
},
"details": "profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.",
"id": "GHSA-9q2f-7hm7-62h6",
"modified": "2022-09-22T00:00:30Z",
"published": "2022-09-19T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40769"
},
{
"type": "WEB",
"url": "https://github.com/johguse/profanity/issues/61"
},
{
"type": "WEB",
"url": "https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c"
},
{
"type": "WEB",
"url": "https://github.com/johguse/profanity"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9QFG-3VC9-GP3W
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.
{
"affected": [],
"aliases": [
"CVE-2020-28642"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-16T02:15:00Z",
"severity": "CRITICAL"
},
"details": "In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.",
"id": "GHSA-9qfg-3vc9-gp3w",
"modified": "2022-05-24T17:34:20Z",
"published": "2022-05-24T17:34:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28642"
},
{
"type": "WEB",
"url": "https://www.whitehack.de/advisories/HWADV2020-001.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-9QGP-G97V-QQ69
Vulnerability from github – Published: 2022-05-14 03:32 – Updated: 2022-05-14 03:32Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.
{
"affected": [],
"aliases": [
"CVE-2017-11671"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-26T21:29:00Z",
"severity": "MODERATE"
},
"details": "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.",
"id": "GHSA-9qgp-g97v-qq69",
"modified": "2022-05-14T03:32:25Z",
"published": "2022-05-14T03:32:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11671"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0849"
},
{
"type": "WEB",
"url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180"
},
{
"type": "WEB",
"url": "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/07/27/2"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100018"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9X23-XCRX-FQ3Q
Vulnerability from github – Published: 2025-03-26 12:30 – Updated: 2025-03-26 21:31DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.
This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.
This issue affects DBIx::Class::EncodedColumn until 0.00032.
{
"affected": [],
"aliases": [
"CVE-2025-27552"
],
"database_specific": {
"cwe_ids": [
"CWE-331",
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-26T11:15:39Z",
"severity": "MODERATE"
},
"details": "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.\n\nThis vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.\n\nThis issue affects DBIx::Class::EncodedColumn until 0.00032.",
"id": "GHSA-9x23-xcrx-fq3q",
"modified": "2025-03-26T21:31:06Z",
"published": "2025-03-26T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27552"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C4R2-3F9R-RWP8
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2023-09-26 18:05Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.2-p1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-8113"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-18T20:05:29Z",
"nvd_published_at": "2019-11-05T23:15:00Z",
"severity": "MODERATE"
},
"details": "Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.",
"id": "GHSA-c4r2-3f9r-rwp8",
"modified": "2023-09-26T18:05:26Z",
"published": "2022-05-24T17:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8113"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8113.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/magento/magento2"
},
{
"type": "WEB",
"url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20220121051105/https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Magento 2 Community Weak PRNG"
}
GHSA-CC4W-4629-8RC3
Vulnerability from github – Published: 2025-04-02 15:31 – Updated: 2025-04-03 21:32Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.
{
"affected": [],
"aliases": [
"CVE-2025-1805"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-02T13:15:40Z",
"severity": "MODERATE"
},
"details": "Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.",
"id": "GHSA-cc4w-4629-8rc3",
"modified": "2025-04-03T21:32:57Z",
"published": "2025-04-02T15:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1805"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/HACHI/Crypt-Salt-0.01/source/lib/Crypt/Salt.pm#L76"
},
{
"type": "WEB",
"url": "https://perldoc.perl.org/functions/rand"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.
No CAPEC attack patterns related to this CWE.