Common Weakness Enumeration

CWE-338

Allowed

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Abstraction: Base · Status: Draft

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

293 vulnerabilities reference this CWE, most recent first.

GHSA-G7XF-72MC-JX24

Vulnerability from github – Published: 2024-10-02 06:30 – Updated: 2024-10-02 18:31
VLAI
Details

The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-02T06:15:09Z",
    "severity": "HIGH"
  },
  "details": "The Migration, Backup, Staging  WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.",
  "id": "GHSA-g7xf-72mc-jx24",
  "modified": "2024-10-02T18:31:32Z",
  "published": "2024-10-02T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7315"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/456b728b-a451-4afb-895f-850ddc4fb589"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G98H-C5V8-8M3F

Vulnerability from github – Published: 2026-03-05 03:31 – Updated: 2026-03-12 00:31
VLAI
Details

Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely.

The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.

Predicable session ids could allow an attacker to gain access to systems.

Plack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-40926"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-05T02:16:39Z",
    "severity": "CRITICAL"
  },
  "details": "Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely.\n\nThe default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nPredicable session ids could allow an attacker to gain access to systems.\n\nPlack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923.",
  "id": "GHSA-g98h-c5v8-8m3f",
  "modified": "2026-03-12T00:31:15Z",
  "published": "2026-03-05T03:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40926"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kazeburo/Plack-Middleware-Session-Simple/pull/4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kazeburo/Plack-Middleware-Session-Simple/commit/760bb358b8f53e52cf415888a4ac858fd99bb24e.patch"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/KAZEBURO/Plack-Middleware-Session-Simple-0.04/source/lib/Plack/Middleware/Session/Simple.pm#L43"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/KAZEBURO/Plack-Middleware-Session-Simple-0.05/changes"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40923"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G9VX-XX6G-3R24

Vulnerability from github – Published: 2022-05-14 00:57 – Updated: 2022-05-14 00:57
VLAI
Details

The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12056"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-15T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.",
  "id": "GHSA-g9vx-xx6g-3r24",
  "modified": "2022-05-14T00:57:41Z",
  "published": "2022-05-14T00:57:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12056"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682@%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@jonghyk.song/to-be-a-winner-of-ethereum-gambling-game-all-for-one-by-breaking-prng-1ab011163d40"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GFJ4-2P4P-M25J

Vulnerability from github – Published: 2025-04-07 15:31 – Updated: 2025-04-07 21:32
VLAI
Details

Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Specifically Web::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-05T16:15:33Z",
    "severity": "MODERATE"
  },
  "details": "Web::API 2.8 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically Web::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.",
  "id": "GHSA-gfj4-2p4p-m25j",
  "modified": "2025-04-07T21:32:07Z",
  "published": "2025-04-07T15:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57868"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L20"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/dist/Web-API/source/lib/Web/API.pm#L348"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537"
    },
    {
      "type": "WEB",
      "url": "https://perldoc.perl.org/functions/rand"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQ5X-HVXJ-CP4R

Vulnerability from github – Published: 2022-05-02 03:43 – Updated: 2025-04-09 04:14
VLAI
Details

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-3238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-09-18T10:30:00Z",
    "severity": "HIGH"
  },
  "details": "The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function\u0027s tendency to \"return the same value over and over again for long stretches of time.\"",
  "id": "GHSA-gq5x-hvxj-cp4r",
  "modified": "2025-04-09T04:14:32Z",
  "published": "2022-05-02T03:43:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3238"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499785"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=519692"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03836en_us"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://patchwork.kernel.org/patch/21766"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37105"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/37351"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1438.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-852-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GR8M-RQ4X-Q7C8

Vulnerability from github – Published: 2026-04-08 06:31 – Updated: 2026-04-08 18:34
VLAI
Details

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id.

The generate_session_id function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.

Amon2::Plugin::Web::CSRFDefender versions before 7.00 were part of Amon2, which was vulnerable to insecure session ids due to CVE-2025-15604.

Note that the author has deprecated this module.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T06:16:28Z",
    "severity": "MODERATE"
  },
  "details": "Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id.\n\nThe generate_session_id function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time.  The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nAmon2::Plugin::Web::CSRFDefender versions before 7.00 were part of Amon2, which was vulnerable to insecure session ids due to CVE-2025-15604.\n\nNote that the author has deprecated this module.",
  "id": "GHSA-gr8m-rq4x-q7c8",
  "modified": "2026-04-08T18:34:06Z",
  "published": "2026-04-08T06:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5082"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/TOKUHIROM/Amon2-Plugin-Web-CSRFDefender-7.03/source/lib/Amon2/Plugin/Web/CSRFDefender/Random.pm"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/TOKUHIROM/Amon2-Plugin-Web-CSRFDefender-7.04/changes"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15604"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GVXX-2PM7-7H2R

Vulnerability from github – Published: 2025-09-17 15:30 – Updated: 2025-09-17 18:31
VLAI
Details

Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely.

Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.

Predicable session ids could allow an attacker to gain access to systems.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-40933"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T15:15:42Z",
    "severity": "HIGH"
  },
  "details": "Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely.\n\nSession ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nPredicable session ids could allow an attacker to gain access to systems.",
  "id": "GHSA-gvxx-2pm7-7h2r",
  "modified": "2025-09-17T18:31:17Z",
  "published": "2025-09-17T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40933"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/KGOLDOV/Apache2-AuthAny-0.201/source/lib/Apache2/AuthAny/Cookie.pm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GWF7-VFJF-WF6X

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-09-30 20:32
VLAI
Summary
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
Details

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "matrix-sydent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "matrix-synapse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.99.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-11842"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-27T21:34:46Z",
    "nvd_published_at": "2019-05-09T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.",
  "id": "GHSA-gwf7-vfjf-wf6x",
  "modified": "2024-09-30T20:32:28Z",
  "published": "2022-05-24T16:45:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11842"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-gwf7-vfjf-wf6x"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2019-185.yaml"
    },
    {
      "type": "WEB",
      "url": "https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG"
}

GHSA-H236-32WJ-MG7X

Vulnerability from github – Published: 2025-04-05 21:30 – Updated: 2025-04-14 18:31
VLAI
Details

Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Specifically Net::Xero uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56370"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-05T19:15:38Z",
    "severity": "MODERATE"
  },
  "details": "Net::Xero 0.044 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically Net::Xero uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.",
  "id": "GHSA-h236-32wj-mg7x",
  "modified": "2025-04-14T18:31:48Z",
  "published": "2025-04-05T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56370"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L58"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/ELLIOTT/Net-Xero-0.44/source/lib/Net/Xero.pm#L9"
    },
    {
      "type": "WEB",
      "url": "https://perldoc.perl.org/functions/rand"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H295-PFX3-R298

Vulnerability from github – Published: 2026-05-21 00:30 – Updated: 2026-05-21 15:34
VLAI
Details

Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.

These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-47372"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-20T22:16:37Z",
    "severity": "CRITICAL"
  },
  "details": "Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.\n\nThese versions use the built-in rand function, which is predictable and unsuitable for cryptography.",
  "id": "GHSA-h295-pfx3-r298",
  "modified": "2026-05-21T15:34:06Z",
  "published": "2026-05-21T00:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47372"
    },
    {
      "type": "WEB",
      "url": "https://github.com/robrwo/perl-Crypt-SaltedHash/commit/9b68437d2cd420b819b3a795474c3870338d38d5.patch"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/20/22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

No CAPEC attack patterns related to this CWE.