CWE-338
AllowedUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Abstraction: Base · Status: Draft
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
293 vulnerabilities reference this CWE, most recent first.
GHSA-VXR9-MR85-JWJW
Vulnerability from github – Published: 2022-05-14 03:49 – Updated: 2022-05-14 03:49It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.
{
"affected": [],
"aliases": [
"CVE-2017-18021"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-05T19:29:00Z",
"severity": "CRITICAL"
},
"details": "It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.",
"id": "GHSA-vxr9-mr85-jwjw",
"modified": "2022-05-14T03:49:11Z",
"published": "2022-05-14T03:49:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18021"
},
{
"type": "WEB",
"url": "https://github.com/IJHack/QtPass/issues/338"
},
{
"type": "WEB",
"url": "https://github.com/IJHack/QtPass/releases/tag/v1.2.1"
},
{
"type": "WEB",
"url": "https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html"
},
{
"type": "WEB",
"url": "https://qtpass.org"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W287-9Q69-3HX9
Vulnerability from github – Published: 2025-01-04 00:33 – Updated: 2025-01-21 18:31In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.
{
"affected": [],
"aliases": [
"CVE-2025-22376"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-03T22:15:07Z",
"severity": "CRITICAL"
},
"details": "In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.",
"id": "GHSA-w287-9q69-3hx9",
"modified": "2025-01-21T18:31:04Z",
"published": "2025-01-04T00:33:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22376"
},
{
"type": "WEB",
"url": "https://github.com/keeth/Net-OAuth/commit/2aa25e04aadab247ae4063363fcee177161e1f42"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/html/rfc5849#section-3.3"
},
{
"type": "WEB",
"url": "https://datatracker.ietf.org/doc/html/rfc5849#section-4.10"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/KGRENNAN/Net-OAuth-0.28/source/lib/Net/OAuth/Client.pm#L260"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/RRWO/Net-OAuth-0.29/changes"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/RRWO/Net-OAuth-0.29/diff/KGRENNAN/Net-OAuth-0.28#lib/Net/OAuth/Client.pm"
},
{
"type": "WEB",
"url": "https://www.vulnarium.com/blogpost-2025-01-05"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W5V5-5VPM-87MX
Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2022-02-10 00:00Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.
{
"affected": [],
"aliases": [
"CVE-2013-20003"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-04T23:15:00Z",
"severity": "HIGH"
},
"details": "Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.",
"id": "GHSA-w5v5-5vpm-87mx",
"modified": "2022-02-10T00:00:50Z",
"published": "2022-02-10T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-20003"
},
{
"type": "WEB",
"url": "https://orangecyberdefense.com/global/blog/sensepost/blackhat-conference-z-wave-security"
},
{
"type": "WEB",
"url": "https://sensepost.com/cms/resources/conferences/2013/bh_zwave/Security%20Evaluation%20of%20Z-Wave_WP.pdf"
},
{
"type": "WEB",
"url": "https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W6W2-2WXG-GGWX
Vulnerability from github – Published: 2025-06-16 12:30 – Updated: 2025-06-16 15:32Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.
That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.
{
"affected": [],
"aliases": [
"CVE-2025-40916"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-16T11:15:17Z",
"severity": "CRITICAL"
},
"details": "Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.\n\nThat version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.",
"id": "GHSA-w6w2-2wxg-ggwx",
"modified": "2025-06-16T15:32:26Z",
"published": "2025-06-16T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40916"
},
{
"type": "WEB",
"url": "https://metacpan.org/pod/perlfunc#rand"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.04/diff/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.05/lib/Mojolicious/Plugin/CaptchaPNG.pm"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.06/changes"
},
{
"type": "WEB",
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W6XH-RJX5-X9M5
Vulnerability from github – Published: 2023-06-06 18:30 – Updated: 2024-04-04 04:36Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator.
{
"affected": [],
"aliases": [
"CVE-2023-32549"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T16:15:10Z",
"severity": "HIGH"
},
"details": "Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator.",
"id": "GHSA-w6xh-rjx5-x9m5",
"modified": "2024-04-04T04:36:05Z",
"published": "2023-06-06T18:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32549"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/landscape/+bug/1929034"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W88F-4875-99C8
Vulnerability from github – Published: 2025-11-26 09:31 – Updated: 2025-11-26 23:19Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator. This may allow an attacker to predict or brute force the secret used to sign authentication cookies, potentially enabling token forgery or authentication bypass. Additionally, each process generates its own fallback secret, resulting in inconsistent secrets across nodes. This causes authentication failures in distributed or multi-broker deployments, effectively leading to a incorrectly configured clusters. Users are advised to configure a strong druid.auth.authenticator.kerberos.cookieSignatureSecret
This issue affects Apache Druid: through 34.0.0.
Users are recommended to upgrade to version 35.0.0, which fixes the issue making it mandatory to set druid.auth.authenticator.kerberos.cookieSignatureSecret when using the Kerberos authenticator. Services will fail to come up if the secret is not set.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.druid:druid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "35.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59390"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-26T23:19:18Z",
"nvd_published_at": "2025-11-26T09:15:46Z",
"severity": "CRITICAL"
},
"details": "Apache Druid\u2019s Kerberos authenticator uses a weak fallback secret when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not explicitly set. In this case, the secret is generated using `ThreadLocalRandom`, which is not a crypto-graphically secure random number generator. This may allow an attacker to predict or brute force the secret used to sign authentication cookies, potentially enabling token forgery or authentication bypass. Additionally, each process generates its own fallback secret, resulting in inconsistent secrets across nodes. This causes authentication failures in distributed or multi-broker deployments, effectively leading to a incorrectly configured clusters. Users are advised to configure a strong\u00a0`druid.auth.authenticator.kerberos.cookieSignatureSecret`\n\nThis issue affects Apache Druid: through 34.0.0.\n\nUsers are recommended to upgrade to version 35.0.0, which fixes the issue making it mandatory to set `druid.auth.authenticator.kerberos.cookieSignatureSecret` when using the\u00a0Kerberos authenticator. Services will fail to come up if the secret is not set.",
"id": "GHSA-w88f-4875-99c8",
"modified": "2025-11-26T23:19:18Z",
"published": "2025-11-26T09:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59390"
},
{
"type": "WEB",
"url": "https://github.com/apache/druid/pull/18368"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/druid"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/jwjltllnntgj1sb9wzsjmvwm9f8rlhg8"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/11/26/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Druid\u2019s Kerberos authenticator uses a weak fallback secret"
}
GHSA-WCW3-C785-7Q5X
Vulnerability from github – Published: 2025-12-22 15:30 – Updated: 2025-12-22 15:30Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.
{
"affected": [],
"aliases": [
"CVE-2025-26379"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-22T15:16:00Z",
"severity": "HIGH"
},
"details": "Use of a weak pseudo-random number generator, which may allow an attacker to read or inject encrypted PowerG packets.",
"id": "GHSA-wcw3-c785-7q5x",
"modified": "2025-12-22T15:30:21Z",
"published": "2025-12-22T15:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26379"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-02"
},
{
"type": "WEB",
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WR3G-2HMF-PGF3
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-05-24 17:12An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.
{
"affected": [],
"aliases": [
"CVE-2019-15075"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-20T18:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.",
"id": "GHSA-wr3g-2hmf-pgf3",
"modified": "2022-05-24T17:12:00Z",
"published": "2022-05-24T17:12:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15075"
},
{
"type": "WEB",
"url": "https://github.com/iNextrix/ASTPP/commit/9877ec62556f0470030acd306b24bc94fdcbe2ae"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WWVV-X5MQ-H3JJ
Vulnerability from github – Published: 2021-09-01 18:35 – Updated: 2021-08-30 20:28yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "yiisoft/yii2-dev"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.43"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-3692"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-30T20:28:42Z",
"nvd_published_at": "2021-08-10T17:15:00Z",
"severity": "MODERATE"
},
"details": "yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator",
"id": "GHSA-wwvv-x5mq-h3jj",
"modified": "2021-08-30T20:28:42Z",
"published": "2021-09-01T18:35:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3692"
},
{
"type": "WEB",
"url": "https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46"
},
{
"type": "PACKAGE",
"url": "https://github.com/yiisoft/yii2"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/55517f19-5c28-4db2-8b00-f78f841e8aba"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev"
}
GHSA-X97H-G784-4PW8
Vulnerability from github – Published: 2025-04-10 12:31 – Updated: 2025-04-10 15:31In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.
{
"affected": [],
"aliases": [
"CVE-2025-32754"
],
"database_specific": {
"cwe_ids": [
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-10T12:15:16Z",
"severity": "CRITICAL"
},
"details": "In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.",
"id": "GHSA-x97h-g784-4pw8",
"modified": "2025-04-10T15:31:48Z",
"published": "2025-04-10T12:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32754"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2025-04-10/#SECURITY-3565"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.
No CAPEC attack patterns related to this CWE.