Common Weakness Enumeration

CWE-338

Allowed

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Abstraction: Base · Status: Draft

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

293 vulnerabilities reference this CWE, most recent first.

GHSA-CF3Q-VG8W-MW84

Vulnerability from github – Published: 2024-06-24 12:30 – Updated: 2025-07-15 22:56
VLAI
Summary
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Details

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.streampipes:streampipes-resource-management"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.69.0"
            },
            {
              "fixed": "0.95.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-29868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-01T16:16:23Z",
    "nvd_published_at": "2024-06-24T10:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes\u00a0user self-registration and password recovery mechanism.\nThis allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user\u0027s account.\nThis issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.\n\nUsers are recommended to upgrade to version 0.95.0, which fixes the issue.",
  "id": "GHSA-cf3q-vg8w-mw84",
  "modified": "2025-07-15T22:56:41Z",
  "published": "2024-06-24T12:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29868"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/streampipes/commit/1d94191c49617dffbcb6f6d8fd73bcd5dd597d52"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/streampipes"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/g7t7zctvq2fysrw1x17flnc12592nhx7"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/22/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation"
}

GHSA-CGG5-W2F8-858M

Vulnerability from github – Published: 2025-11-10 09:30 – Updated: 2025-11-10 09:30
VLAI
Details

A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-10T08:15:33Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to brute force the password in a timely manner and thus gain root access to the device if the debug interface is still enabled.",
  "id": "GHSA-cgg5-w2f8-858m",
  "modified": "2025-11-10T09:30:27Z",
  "published": "2025-11-10T09:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41731"
    },
    {
      "type": "WEB",
      "url": "https://jumo.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-086.json"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CH4M-2996-7XPV

Vulnerability from github – Published: 2025-04-07 15:31 – Updated: 2025-04-08 18:34
VLAI
Details

Amon2::Auth::Site::LINE uses the String::Random module to generate nonce values. 

String::Random defaults to Perl's built-in predictable random number generator, the rand() function, which is not cryptographically secure

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57835"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-05T16:15:32Z",
    "severity": "MODERATE"
  },
  "details": "Amon2::Auth::Site::LINE uses the String::Random module\u00a0to generate nonce values.\u00a0\n\nString::Random\u00a0defaults to Perl\u0027s built-in predictable\u00a0random number generator,\u00a0the rand() function, which is not cryptographically secure",
  "id": "GHSA-ch4m-2996-7xpv",
  "modified": "2025-04-08T18:34:16Z",
  "published": "2025-04-07T15:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57835"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/SHLOMIF/String-Random-0.32/source/lib/String/Random.pm#L377"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L235"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/TANIGUCHI/Amon2-Auth-Site-LINE-0.04/source/lib/Amon2/Auth/Site/LINE.pm#L255"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJ2W-WJ5H-C44X

Vulnerability from github – Published: 2023-10-19 12:30 – Updated: 2024-04-04 08:47
VLAI
Details

The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26943"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-19T10:15:09Z",
    "severity": "HIGH"
  },
  "details": "The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.",
  "id": "GHSA-cj2w-wj5h-c44x",
  "modified": "2024-04-04T08:47:40Z",
  "published": "2023-10-19T12:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26943"
    },
    {
      "type": "WEB",
      "url": "https://tetraburst.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJ6V-RJ8X-QR97

Vulnerability from github – Published: 2022-05-13 01:54 – Updated: 2022-05-13 01:54
VLAI
Details

The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-07T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "The \"PayWinner\" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable \"maxTickets\" (which is private, yet predictable and readable by the eth.getStorageAt function). Therefore, it allows attackers to always win and get rewards.",
  "id": "GHSA-cj6v-rj8x-qr97",
  "modified": "2022-05-13T01:54:11Z",
  "published": "2022-05-13T01:54:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15552"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-15552"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CPR8-M35V-9VV2

Vulnerability from github – Published: 2025-01-09 09:31 – Updated: 2025-01-09 15:31
VLAI
Details

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40762"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-09T07:15:26Z",
    "severity": "CRITICAL"
  },
  "details": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass.",
  "id": "GHSA-cpr8-m35v-9vv2",
  "modified": "2025-01-09T15:31:50Z",
  "published": "2025-01-09T09:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40762"
    },
    {
      "type": "WEB",
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQ23-CXPR-F49X

Vulnerability from github – Published: 2022-04-21 01:50 – Updated: 2022-04-21 01:50
VLAI
Details

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-3280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-21T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.",
  "id": "GHSA-cq23-cxpr-f49x",
  "modified": "2022-04-21T01:50:57Z",
  "published": "2022-04-21T01:50:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3280"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/5720"
    },
    {
      "type": "WEB",
      "url": "http://lists.openid.net/pipermail/openid-security/2008-August/000942.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CQ2R-W6JR-X35W

Vulnerability from github – Published: 2026-06-19 15:33 – Updated: 2026-06-19 15:33
VLAI
Details

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 account takeover via predictable restore codes was possible

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-19T13:16:37Z",
    "severity": "CRITICAL"
  },
  "details": "In JetBrains Hub before 2026.1.13757,\n2025.3.148033,\n2025.2.148048,\n2025.1.148120,\n2024.3.148430,\n2024.2.148429 account takeover via predictable restore codes was possible",
  "id": "GHSA-cq2r-w6jr-x35w",
  "modified": "2026-06-19T15:33:15Z",
  "published": "2026-06-19T15:33:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56141"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CVG9-334X-W586

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32
VLAI
Details

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses random.randint for this purpose, which is not suitable for cryptographic use and can be cracked. An attacker with access to workflow tools can extract the PRNG output and predict future password reset codes, leading to a complete compromise of the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1796"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:54Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses `random.randint` for this purpose, which is not suitable for cryptographic use and can be cracked. An attacker with access to workflow tools can extract the PRNG output and predict future password reset codes, leading to a complete compromise of the application.",
  "id": "GHSA-cvg9-334x-w586",
  "modified": "2025-03-20T12:32:53Z",
  "published": "2025-03-20T12:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1796"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/a60f3039-5394-4e22-8de7-a7da9c6a6e00"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CWQ5-XWX7-85WM

Vulnerability from github – Published: 2024-09-06 06:31 – Updated: 2024-11-30 12:30
VLAI
Details

tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-45751"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-06T05:15:13Z",
    "severity": "MODERATE"
  },
  "details": "tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.",
  "id": "GHSA-cwq5-xwx7-85wm",
  "modified": "2024-11-30T12:30:37Z",
  "published": "2024-09-06T06:31:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45751"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fujita/tgt/pull/67"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00033.html"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2024/09/07/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/09/07/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

No CAPEC attack patterns related to this CWE.