CWE-338
AllowedUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Abstraction: Base · Status: Draft
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
293 vulnerabilities reference this CWE, most recent first.
GHSA-CF3Q-VG8W-MW84
Vulnerability from github – Published: 2024-06-24 12:30 – Updated: 2025-07-15 22:56Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.streampipes:streampipes-resource-management"
},
"ranges": [
{
"events": [
{
"introduced": "0.69.0"
},
{
"fixed": "0.95.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-29868"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2024-07-01T16:16:23Z",
"nvd_published_at": "2024-06-24T10:15:09Z",
"severity": "CRITICAL"
},
"details": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes\u00a0user self-registration and password recovery mechanism.\nThis allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user\u0027s account.\nThis issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.\n\nUsers are recommended to upgrade to version 0.95.0, which fixes the issue.",
"id": "GHSA-cf3q-vg8w-mw84",
"modified": "2025-07-15T22:56:41Z",
"published": "2024-06-24T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29868"
},
{
"type": "WEB",
"url": "https://github.com/apache/streampipes/commit/1d94191c49617dffbcb6f6d8fd73bcd5dd597d52"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/streampipes"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/g7t7zctvq2fysrw1x17flnc12592nhx7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/06/22/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation"
}
GHSA-CGG5-W2F8-858M
Vulnerability from github – Published: 2025-11-10 09:30 – Updated: 2025-11-10 09:30A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled.
{
"affected": [],
"aliases": [
"CVE-2025-41731"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-10T08:15:33Z",
"severity": "HIGH"
},
"details": "A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled.",
"id": "GHSA-cgg5-w2f8-858m",
"modified": "2025-11-10T09:30:27Z",
"published": "2025-11-10T09:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41731"
},
{
"type": "WEB",
"url": "https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-086.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CH4M-2996-7XPV
Vulnerability from github – Published: 2025-04-07 15:31 – Updated: 2025-04-08 18:34Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values.
String::Random defaults to Perl's built-in predictable random number generator, the rand() function, which is not cryptographically secure
{
"affected": [],
"aliases": [
"CVE-2024-57835"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-05T16:15:32Z",
"severity": "MODERATE"
},
"details": "Amon2::Auth::Site::LINE uses the String::Random module\u00a0to generate nonce values.\u00a0\n\nString::Random\u00a0defaults to Perl\u0027s built-in predictable\u00a0random number generator,\u00a0the rand() function, which is not cryptographically secure",
"id": "GHSA-ch4m-2996-7xpv",
"modified": "2025-04-08T18:34:16Z",
"published": "2025-04-07T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57835"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/SHLOMIF/String-Random-0.32/source/lib/String/Random.pm#L377"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L235"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L255"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CJ2W-WJ5H-C44X
Vulnerability from github – Published: 2023-10-19 12:30 – Updated: 2024-04-04 08:47The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.
{
"affected": [],
"aliases": [
"CVE-2022-26943"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-19T10:15:09Z",
"severity": "HIGH"
},
"details": "The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.",
"id": "GHSA-cj2w-wj5h-c44x",
"modified": "2024-04-04T08:47:40Z",
"published": "2023-10-19T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26943"
},
{
"type": "WEB",
"url": "https://tetraburst.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJ6V-RJ8X-QR97
Vulnerability from github – Published: 2022-05-13 01:54 – Updated: 2022-05-13 01:54The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.
{
"affected": [],
"aliases": [
"CVE-2018-15552"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-07T22:29:00Z",
"severity": "HIGH"
},
"details": "The \"PayWinner\" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable \"maxTickets\" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.",
"id": "GHSA-cj6v-rj8x-qr97",
"modified": "2022-05-13T01:54:11Z",
"published": "2022-05-13T01:54:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15552"
},
{
"type": "WEB",
"url": "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-15552"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CPR8-M35V-9VV2
Vulnerability from github – Published: 2025-01-09 09:31 – Updated: 2025-01-09 15:31Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.
{
"affected": [],
"aliases": [
"CVE-2024-40762"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-09T07:15:26Z",
"severity": "CRITICAL"
},
"details": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.",
"id": "GHSA-cpr8-m35v-9vv2",
"modified": "2025-01-09T15:31:50Z",
"published": "2025-01-09T09:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40762"
},
{
"type": "WEB",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CQ23-CXPR-F49X
Vulnerability from github – Published: 2022-04-21 01:50 – Updated: 2022-04-21 01:50It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.
{
"affected": [],
"aliases": [
"CVE-2008-3280"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-21T20:15:00Z",
"severity": "MODERATE"
},
"details": "It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.",
"id": "GHSA-cq23-cxpr-f49x",
"modified": "2022-04-21T01:50:57Z",
"published": "2022-04-21T01:50:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3280"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/5720"
},
{
"type": "WEB",
"url": "http://lists.openid.net/pipermail/openid-security/2008-August/000942.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-CQ2R-W6JR-X35W
Vulnerability from github – Published: 2026-06-19 15:33 – Updated: 2026-06-19 15:33In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible
{
"affected": [],
"aliases": [
"CVE-2026-56141"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-19T13:16:37Z",
"severity": "CRITICAL"
},
"details": "In JetBrains Hub before 2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429 account takeover via predictable restore codes was possible",
"id": "GHSA-cq2r-w6jr-x35w",
"modified": "2026-06-19T15:33:15Z",
"published": "2026-06-19T15:33:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56141"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CVG9-334X-W586
Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses random.randint for this purpose, which is not suitable for cryptographic use and can be cracked. An attacker with access to workflow tools can extract the PRNG output and predict future password reset codes, leading to a complete compromise of the application.
{
"affected": [],
"aliases": [
"CVE-2025-1796"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-20T10:15:54Z",
"severity": "HIGH"
},
"details": "A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses `random.randint` for this purpose, which is not suitable for cryptographic use and can be cracked. An attacker with access to workflow tools can extract the PRNG output and predict future password reset codes, leading to a complete compromise of the application.",
"id": "GHSA-cvg9-334x-w586",
"modified": "2025-03-20T12:32:53Z",
"published": "2025-03-20T12:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1796"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/a60f3039-5394-4e22-8de7-a7da9c6a6e00"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CWQ5-XWX7-85WM
Vulnerability from github – Published: 2024-09-06 06:31 – Updated: 2024-11-30 12:30tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.
{
"affected": [],
"aliases": [
"CVE-2024-45751"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-06T05:15:13Z",
"severity": "MODERATE"
},
"details": "tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.",
"id": "GHSA-cwq5-xwx7-85wm",
"modified": "2024-11-30T12:30:37Z",
"published": "2024-09-06T06:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45751"
},
{
"type": "WEB",
"url": "https://github.com/fujita/tgt/pull/67"
},
{
"type": "WEB",
"url": "https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00033.html"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2024/09/07/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/09/07/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.
No CAPEC attack patterns related to this CWE.