CWE-338
AllowedUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Abstraction: Base · Status: Draft
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
293 vulnerabilities reference this CWE, most recent first.
GHSA-RC7V-65V6-M2V3
Vulnerability from github – Published: 2024-10-28 15:12 – Updated: 2024-11-08 17:25Withdrawn Advisory
This advisory has been withdrawn because the vulnerability does not affect a released version of the github.com/go-mysql-org/go-mysql package. For more information, see https://github.com/github/advisory-database/pull/4990.
Original Advisory
Affected by CVE-2021-3538
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/go-mysql-org/go-mysql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-28T15:12:22Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "## Withdrawn Advisory\n\nThis advisory has been withdrawn because the vulnerability does not affect a released version of the `github.com/go-mysql-org/go-mysql` package. For more information, see https://github.com/github/advisory-database/pull/4990.\n\n## Original Advisory\n\nAffected by CVE-2021-3538",
"id": "GHSA-rc7v-65v6-m2v3",
"modified": "2024-11-08T17:25:16Z",
"published": "2024-10-28T15:12:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/apptainer/sif/security/advisories/GHSA-33m6-q9v5-62r7"
},
{
"type": "WEB",
"url": "https://github.com/go-mysql-org/go-mysql/security/advisories/GHSA-rc7v-65v6-m2v3"
},
{
"type": "WEB",
"url": "https://github.com/hpcng/sif/security/advisories/GHSA-33m6-q9v5-62r7"
},
{
"type": "WEB",
"url": "https://github.com/github/advisory-database/pull/4990"
},
{
"type": "PACKAGE",
"url": "https://github.com/go-mysql-org/go-mysql"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Withdrawn Advisory: go-mysql affected by go.uuid\u0027s Predictable UUID Identifiers",
"withdrawn": "2024-11-08T17:25:16Z"
}
GHSA-RG9R-F32F-755R
Vulnerability from github – Published: 2023-02-02 00:30 – Updated: 2023-02-08 21:30An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.
{
"affected": [],
"aliases": [
"CVE-2022-45782"
],
"database_specific": {
"cwe_ids": [
"CWE-338",
"CWE-640"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-01T22:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover.",
"id": "GHSA-rg9r-f32f-755r",
"modified": "2023-02-08T21:30:19Z",
"published": "2023-02-02T00:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45782"
},
{
"type": "WEB",
"url": "https://www.dotcms.com/security/SI-66"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RGH6-HJMR-J5FV
Vulnerability from github – Published: 2021-12-26 00:00 – Updated: 2022-01-11 00:02In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.
{
"affected": [],
"aliases": [
"CVE-2021-45489"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-25T02:15:00Z",
"severity": "HIGH"
},
"details": "In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.",
"id": "GHSA-rgh6-hjmr-j5fv",
"modified": "2022-01-11T00:02:10Z",
"published": "2021-12-26T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45489"
},
{
"type": "WEB",
"url": "https://arxiv.org/pdf/2112.09604.pdf"
},
{
"type": "WEB",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2021-001.txt.asc"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RGQQ-JVQ6-W93R
Vulnerability from github – Published: 2024-09-26 18:31 – Updated: 2024-09-26 18:31The goTenna Pro ATAK Plugin does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use.
{
"affected": [],
"aliases": [
"CVE-2024-45723"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-26T18:15:07Z",
"severity": "HIGH"
},
"details": "The goTenna Pro ATAK Plugin does not use SecureRandom when generating \nits cryptographic keys. The random function in use is not suitable for \ncryptographic use.",
"id": "GHSA-rgqq-jvq6-w93r",
"modified": "2024-09-26T18:31:45Z",
"published": "2024-09-26T18:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45723"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RJQ9-C3RF-C638
Vulnerability from github – Published: 2026-04-01 21:30 – Updated: 2026-04-01 21:30An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
{
"affected": [],
"aliases": [
"CVE-2026-34871"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-01T19:16:33Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).",
"id": "GHSA-rjq9-c3rf-c638",
"modified": "2026-04-01T21:30:30Z",
"published": "2026-04-01T21:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34871"
},
{
"type": "WEB",
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories"
},
{
"type": "WEB",
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-dev-random"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RMW5-XPG9-JR29
Vulnerability from github – Published: 2021-06-10 17:23 – Updated: 2022-04-27 20:30An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rclone/rclone"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.53.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-28924"
],
"database_specific": {
"cwe_ids": [
"CWE-331",
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-09T14:47:19Z",
"nvd_published_at": "2020-11-19T20:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.",
"id": "GHSA-rmw5-xpg9-jr29",
"modified": "2022-04-27T20:30:31Z",
"published": "2021-06-10T17:23:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28924"
},
{
"type": "WEB",
"url": "https://github.com/rclone/rclone/issues/4783"
},
{
"type": "PACKAGE",
"url": "https://github.com/rclone/rclone"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone"
}
GHSA-RQ65-66G5-5PG2
Vulnerability from github – Published: 2026-06-23 09:32 – Updated: 2026-06-23 15:32Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter.
When no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl's built-in rand function.
A predictable state allows an attacker to hijack another user's session through cross site request forgery (CSRF).
{
"affected": [],
"aliases": [
"CVE-2026-9733"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-23T08:16:26Z",
"severity": "CRITICAL"
},
"details": "Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter.\n\nWhen no state generator is specified in the constructor, the module defaults to using a SHA-1 hash of predictable and low-entropy sources, including the epoch time (which is leaked via the HTTP Date header) and a call to Perl\u0027s built-in rand function.\n\nA predictable state allows an attacker to hijack another user\u0027s session through cross site request forgery (CSRF).",
"id": "GHSA-rq65-66g5-5pg2",
"modified": "2026-06-23T15:32:35Z",
"published": "2026-06-23T09:32:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9733"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/html/rfc6749#section-10.12"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/HAYAJO/Mojolicious-Plugin-Web-Auth-0.17/source/lib/Mojolicious/Plugin/Web/Auth/OAuth2.pm#L129-131"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/patches/M/Mojolicious-Plugin-Web-Auth/0.17/CVE-2026-9733-r2.patch"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/06/23/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RXR3-QRG9-4XG5
Vulnerability from github – Published: 2025-04-10 12:31 – Updated: 2025-04-10 15:31In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.
{
"affected": [],
"aliases": [
"CVE-2025-32755"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-10T12:15:16Z",
"severity": "CRITICAL"
},
"details": "In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.",
"id": "GHSA-rxr3-qrg9-4xg5",
"modified": "2025-04-10T15:31:48Z",
"published": "2025-04-10T12:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32755"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2025-04-10/#SECURITY-3565"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VJFH-J2FF-QXW8
Vulnerability from github – Published: 2022-10-14 12:00 – Updated: 2025-05-16 15:30D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.
{
"affected": [],
"aliases": [
"CVE-2022-42159"
],
"database_specific": {
"cwe_ids": [
"CWE-335",
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-13T19:15:00Z",
"severity": "MODERATE"
},
"details": "D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.",
"id": "GHSA-vjfh-j2ff-qxw8",
"modified": "2025-05-16T15:30:30Z",
"published": "2022-10-14T12:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42159"
},
{
"type": "WEB",
"url": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VRGH-5W3C-GGF8
Vulnerability from github – Published: 2021-12-03 20:38 – Updated: 2021-12-03 15:18showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "showdoc/showdoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3990"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2021-12-02T21:16:12Z",
"nvd_published_at": "2021-12-01T11:15:00Z",
"severity": "MODERATE"
},
"details": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).",
"id": "GHSA-vrgh-5w3c-ggf8",
"modified": "2021-12-03T15:18:33Z",
"published": "2021-12-03T20:38:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3990"
},
{
"type": "WEB",
"url": "https://github.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0"
},
{
"type": "PACKAGE",
"url": "https://github.com/star7th/showdoc"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
}
Mitigation
Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.
No CAPEC attack patterns related to this CWE.