CWE-338
AllowedUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Abstraction: Base · Status: Draft
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
293 vulnerabilities reference this CWE, most recent first.
GHSA-MQR9-MGQQ-52RQ
Vulnerability from github – Published: 2025-06-11 18:35 – Updated: 2025-06-11 18:35Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.
That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
{
"affected": [],
"aliases": [
"CVE-2025-40915"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-11T17:15:42Z",
"severity": "HIGH"
},
"details": "Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.\n\nThat version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.",
"id": "GHSA-mqr9-mgqq-52rq",
"modified": "2025-06-11T18:35:43Z",
"published": "2025-06-11T18:35:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40915"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MR95-9RR4-668F
Vulnerability from github – Published: 2018-10-22 20:44 – Updated: 2022-09-14 19:20Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.typesafe.akka:akka-actor_2.11"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.typesafe.akka:akka-actor_2.12"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.16"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-16115"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:47:05Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS (both classic and Artery Remoting). Akka allows configuration of custom random number generators. For historical reasons, Akka included the AES128CounterSecureRNG and AES256CounterSecureRNG random number generators. The implementations had a bug that caused the generated numbers to be repeated after only a few bytes. The custom RNG implementations were not configured by default but examples in the documentation showed (and therefore implicitly recommended) using the custom ones. This can be used by an attacker to compromise the communication if these random number generators are enabled in configuration. It would be possible to eavesdrop, replay, or modify the messages sent with Akka Remoting/Cluster.",
"id": "GHSA-mr95-9rr4-668f",
"modified": "2022-09-14T19:20:04Z",
"published": "2018-10-22T20:44:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16115"
},
{
"type": "WEB",
"url": "https://doc.akka.io/docs/akka/current/security/2018-08-29-aes-rng.html"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-mr95-9rr4-668f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor"
}
GHSA-MWP6-J9WF-968C
Vulnerability from github – Published: 2019-09-13 21:33 – Updated: 2021-10-11 21:10Account takeover and privilege escalation is possible in applications generated by generator-jhipster before 6.3.0. This is due to a vulnerability in the generated java classes: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Generated applications must be manually patched, following instructions in the release notes: https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "generator-jhipster"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:47:33Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Account takeover and privilege escalation is possible in applications generated by generator-jhipster before 6.3.0. This is due to a vulnerability in the generated java classes: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)\n\nGenerated applications must be manually patched, following instructions in the release notes: https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html\n",
"id": "GHSA-mwp6-j9wf-968c",
"modified": "2021-10-11T21:10:33Z",
"published": "2019-09-13T21:33:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mwp6-j9wf-968c"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-j3rh-8vwq-wh84"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-mwp6-j9wf-968c"
},
{
"type": "PACKAGE",
"url": "https://github.com/jhipster/generator-jhipster"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Critical severity vulnerability that affects generator-jhipster",
"withdrawn": "2020-06-26T16:40:47Z"
}
GHSA-MX57-4JMX-5CVF
Vulnerability from github – Published: 2026-05-11 21:31 – Updated: 2026-05-12 00:31Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys.
Amazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object.
Before version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.
{
"affected": [],
"aliases": [
"CVE-2026-6146"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-11T20:25:47Z",
"severity": null
},
"details": "Amazon::Credentials versions through 1.2.0 for Perl uses rand to generate encryption keys.\n\nAmazon::Credentials stores credentials in an obfuscated form to prevent access to the secrets from a data dump of the object.\n\nBefore version 1.3.0, the secrets were encrypted using a 64-bit key that was generated using the built-in rand function, which is predictable and unsuitable for cryptography.",
"id": "GHSA-mx57-4jmx-5cvf",
"modified": "2026-05-12T00:31:14Z",
"published": "2026-05-11T21:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6146"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/BIGFOOT/Amazon-Credentials-1.2.0/source/lib/Amazon/Credentials.pm#L1415-1418"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/BIGFOOT/Amazon-Credentials-1.3.0/changes"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/11/15"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MX9C-4XJQ-MHJ6
Vulnerability from github – Published: 2026-03-28 21:33 – Updated: 2026-06-29 09:30HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.
HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.
The distribution includes HTTP::session::ID::MD5 which contains a similar flaw, but uses the MD5 hash instead.
{
"affected": [],
"aliases": [
"CVE-2026-3256"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-28T19:16:56Z",
"severity": "CRITICAL"
},
"details": "HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids.\n\nHTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nThe distribution includes HTTP::session::ID::MD5 which contains a similar flaw, but uses the MD5 hash instead.",
"id": "GHSA-mx9c-4xjq-mhj6",
"modified": "2026-06-29T09:30:26Z",
"published": "2026-03-28T21:33:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3256"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/KTAT/http-session-0.53/source/lib/HTTP/Session/ID/MD5.pm"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/KTAT/http-session-0.53/source/lib/HTTP/Session/ID/SHA1.pm"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/TOKUHIROM/http-session-0.54/changes"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/28/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P36X-W6HR-88JP
Vulnerability from github – Published: 2022-12-06 00:30 – Updated: 2023-01-26 21:30A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.
{
"affected": [],
"aliases": [
"CVE-2022-35255"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-05T22:15:00Z",
"severity": "CRITICAL"
},
"details": "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.",
"id": "GHSA-p36x-w6hr-88jp",
"modified": "2023-01-26T21:30:24Z",
"published": "2022-12-06T00:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1690000"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230113-0002"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5326"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P4CC-W597-6CPM
Vulnerability from github – Published: 2022-08-30 20:38 – Updated: 2022-09-08 14:13In Brief
utils.generateUUID, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure Pseudo-random number generator (Math.random()), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to.
Impact
This vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset. Patches have been provided for both active branches of NodeBB (v2.x and v1.19.x)—please see below.
If you are already on v2.0.0 or v1.19.7, you can upgrade with no ill effects. The new version contains only the patch for this vulnerability.
The impact of this vulnerability is slightly lessened by the requirement that the target's email address must be known, and user emails are protected values in NodeBB. However, since NodeBB can be configured to display email addresses if the admin so wishes, and as email addresses can often by derived from other sources and/or guessed, the impact of this vulnerability is still fairly high.
Patches
v2.x
The vulnerability has been patched in https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888. You can cherry-pick this directly into your codebase.
v1.19.x
The vulnerability has been patched in 81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9. You can cherry-pick this directly into your codebase.
Workarounds
There is no known workaround, but the patch sets listed above will fully patch the vulnerability.
References
For more information
If you have any questions or comments about this advisory: * Discuss it on our community forum * Email us at support@nodebb.org
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nodebb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "nodebb"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.0"
]
}
],
"aliases": [
"CVE-2022-36045"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-30T20:38:10Z",
"nvd_published_at": "2022-08-31T15:15:00Z",
"severity": "CRITICAL"
},
"details": "### In Brief\n`utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure Pseudo-random number generator (`Math.random()`), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to.\n\n### Impact\nThis vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset. Patches have been provided for both active branches of NodeBB (v2.x and v1.19.x)\u2014please see below.\n\nIf you are already on v2.0.0 or v1.19.7, you can upgrade with no ill effects. The new version contains only the patch for this vulnerability.\n\nThe impact of this vulnerability is slightly lessened by the requirement that the target\u0027s email address must be known, **and** user emails are protected values in NodeBB. However, since NodeBB can be configured to display email addresses if the admin so wishes, and as email addresses can often by derived from other sources and/or guessed, the impact of this vulnerability is still fairly high.\n\n### Patches\n\n#### v2.x\nThe vulnerability has been patched in https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888. You can cherry-pick this directly into your codebase.\n\n#### v1.19.x\nThe vulnerability has been patched in 81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9. You can cherry-pick this directly into your codebase.\n\n### Workarounds\nThere is no known workaround, but the patch sets listed above will fully patch the vulnerability.\n\n### References\n* [CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)](http://cwe.mitre.org/data/definitions/338.html)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Discuss it on [our community forum](community.nodebb.org/)\n* Email us at [support@nodebb.org](mailto:support@nodebb.org)\n",
"id": "GHSA-p4cc-w597-6cpm",
"modified": "2022-09-08T14:13:22Z",
"published": "2022-08-30T20:38:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/NodeBB/NodeBB/security/advisories/GHSA-p4cc-w597-6cpm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36045"
},
{
"type": "WEB",
"url": "https://github.com/NodeBB/NodeBB/commit/81e3c1ba488d03371a5ce8d0ebb5c5803026e0f9"
},
{
"type": "WEB",
"url": "https://github.com/NodeBB/NodeBB/commit/e802fab87f94a13f397f04cfe6068f2f7ddf7888"
},
{
"type": "PACKAGE",
"url": "https://github.com/NodeBB/NodeBB"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Cryptographically weak PRNG in `utils.generateUUID`"
}
GHSA-P7RC-QMR8-GXR8
Vulnerability from github – Published: 2022-03-02 00:00 – Updated: 2022-03-17 00:04The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.
{
"affected": [],
"aliases": [
"CVE-2021-36171"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-01T18:15:00Z",
"severity": "HIGH"
},
"details": "The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.",
"id": "GHSA-p7rc-qmr8-gxr8",
"modified": "2022-03-17T00:04:28Z",
"published": "2022-03-02T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36171"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-21-099"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P9F6-CWF6-CCQV
Vulnerability from github – Published: 2022-05-14 02:57 – Updated: 2022-05-14 02:57The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.
{
"affected": [],
"aliases": [
"CVE-2018-14715"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-03T18:29:00Z",
"severity": "HIGH"
},
"details": "The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block\u0027s hash. Therefore, attackers can predict the random number and always win the game.",
"id": "GHSA-p9f6-cwf6-ccqv",
"modified": "2022-05-14T02:57:54Z",
"published": "2022-05-14T02:57:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14715"
},
{
"type": "WEB",
"url": "https://medium.com/@jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-cryptogs-an-ethereum-cve-2018-14715-f63a51ac2eb9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PM3J-MQCC-RJQR
Vulnerability from github – Published: 2025-01-02 06:30 – Updated: 2025-01-02 06:30The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys.
{
"affected": [],
"aliases": [
"CVE-2002-20002"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-02T05:15:06Z",
"severity": "MODERATE"
},
"details": "The Net::EasyTCP package before 0.15 for Perl always uses Perl\u0027s builtin rand(), which is not a strong random number generator, for cryptographic keys.",
"id": "GHSA-pm3j-mqcc-rjqr",
"modified": "2025-01-02T06:30:47Z",
"published": "2025-01-02T06:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-20002"
},
{
"type": "WEB",
"url": "https://github.com/briandfoy/cpan-security-advisory/issues/184"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/MNAGUIB/EasyTCP-0.15/view/EasyTCP.pm"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.
No CAPEC attack patterns related to this CWE.