Common Weakness Enumeration

CWE-341

Allowed

Predictable from Observable State

Abstraction: Base · Status: Draft

A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.

20 vulnerabilities reference this CWE, most recent first.

GHSA-3CQM-26W8-85G8

Vulnerability from github – Published: 2022-12-25 12:30 – Updated: 2023-01-04 21:30
VLAI
Details

A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-4277"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-341"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-25T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch is dbab1b66955eeb3d76b34612b358307f5c4e3944. It is recommended to apply a patch to fix this issue. The identifier VDB-216749 was assigned to this vulnerability.",
  "id": "GHSA-3cqm-26w8-85g8",
  "modified": "2023-01-04T21:30:19Z",
  "published": "2022-12-25T12:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4277"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fredsmith/utils/commit/dbab1b66955eeb3d76b34612b358307f5c4e3944"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.216749"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4F7C-7X79-WR4P

Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-26 21:31
VLAI
Details

Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-341"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-24T03:15:33Z",
    "severity": "MODERATE"
  },
  "details": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords.",
  "id": "GHSA-4f7c-7x79-wr4p",
  "modified": "2025-06-26T21:31:04Z",
  "published": "2025-06-26T21:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48461"
    },
    {
      "type": "WEB",
      "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-546V-XQJF-QGCR

Vulnerability from github – Published: 2026-05-06 15:32 – Updated: 2026-06-30 03:36
VLAI
Details

Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure.

Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id plugin, which generates unique ids for the request. The id is based on the IPv4 address, the process id, the epoch time, a 16-bit counter and a thread index, with no obfuscation.

The server IP is often available to the public, and if not available, can be guessed from previous session ids being issued. The process ids may also be guessed from previous session ids. The timestamp is easily guessed (and leaked in the HTTP Date response header).

The purpose of mod_unique_id is to assign a unique id to requests so that events can be correlated in different logs. The id is not designed, nor is it suitable for security purposes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-340",
      "CWE-341"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T13:16:09Z",
    "severity": "CRITICAL"
  },
  "details": "Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure.\n\nApache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_ID environment variable for the session id. The UNIQUE_ID variable is set by the Apache mod_unique_id plugin, which generates unique ids for the request. The id is based on the IPv4 address, the process id, the epoch time, a 16-bit counter and a thread index, with no obfuscation.\n\nThe server IP is often available to the public, and if not available, can be guessed from previous session ids being issued. The process ids may also be guessed from previous session ids. The timestamp is easily guessed (and leaked in the HTTP Date response header).\n\nThe purpose of mod_unique_id is to assign a unique id to requests so that events can be correlated in different logs. The id is not designed, nor is it suitable for security purposes.",
  "id": "GHSA-546v-xqjf-qgcr",
  "modified": "2026-06-30T03:36:33Z",
  "published": "2026-05-06T15:32:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5081"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-5081"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467174"
    },
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/docs/current/mod/mod_unique_id.html"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/pod/Apache::Session::Generate::Random"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5081.json"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/06/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5RRM-76Q9-HP77

Vulnerability from github – Published: 2026-07-02 21:32 – Updated: 2026-07-06 18:30
VLAI
Details

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-38968"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-341"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-02T21:16:55Z",
    "severity": "CRITICAL"
  },
  "details": "ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing.",
  "id": "GHSA-5rrm-76q9-hp77",
  "modified": "2026-07-06T18:30:42Z",
  "published": "2026-07-02T21:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38968"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ntop/ntopng/commit/14e22497233dc7d31d19dccb74b13bb073d16c2c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ntop/ntopng/commit/179a346ceb6239fd36128ccca3efa8f9ea61eeb5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5V66-384X-CW8P

Vulnerability from github – Published: 2026-05-04 03:31 – Updated: 2026-06-15 21:30
VLAI
Details

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-341"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-04T01:16:03Z",
    "severity": "HIGH"
  },
  "details": "A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.",
  "id": "GHSA-5v66-384x-cw8p",
  "modified": "2026-06-15T21:30:25Z",
  "published": "2026-05-04T03:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42365"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports"
    },
    {
      "type": "WEB",
      "url": "https://www.geovision.com.tw/cyber_security.php"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2332"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63WJ-PRJ6-F5FR

Vulnerability from github – Published: 2024-10-19 15:30 – Updated: 2024-10-19 15:30
VLAI
Details

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-10141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-341"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-19T15:15:14Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.",
  "id": "GHSA-63wj-prj6-f5fr",
  "modified": "2024-10-19T15:30:28Z",
  "published": "2024-10-19T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10141"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jsbroks/coco-annotator/issues/626"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jsbroks/coco-annotator/issues/626#issue-2582440109"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.280929"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.280929"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.422713"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6PMV-7PR9-CGRJ

Vulnerability from github – Published: 2020-04-15 21:09 – Updated: 2021-08-23 15:17
VLAI
Summary
Predictable password in Keycloak
Details

A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-1731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330",
      "CWE-341"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-04-15T20:59:00Z",
    "nvd_published_at": "2020-03-02T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.",
  "id": "GHSA-6pmv-7pr9-cgrj",
  "modified": "2021-08-23T15:17:35Z",
  "published": "2020-04-15T21:09:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1731"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1731"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Predictable password in Keycloak"
}

GHSA-8WC6-6CPF-9JH3

Vulnerability from github – Published: 2025-09-09 03:30 – Updated: 2025-09-09 03:30
VLAI
Details

Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time, the attacker could determine a desired identifier which could enable them to access limited system information. This poses a low risk to confidentiality without impacting the integrity or availability of the service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-42925"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-341"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-09T02:15:40Z",
    "severity": "MODERATE"
  },
  "details": "Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time, the attacker could determine a desired identifier which could enable them to access limited system information. This poses a low risk to confidentiality without impacting the integrity or availability of the service.",
  "id": "GHSA-8wc6-6cpf-9jh3",
  "modified": "2025-09-09T03:30:19Z",
  "published": "2025-09-09T03:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-42925"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3640477"
    },
    {
      "type": "WEB",
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FRFJ-QX44-GGMV

Vulnerability from github – Published: 2024-01-12 15:30 – Updated: 2024-10-10 18:31
VLAI
Details

The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-49259"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327",
      "CWE-341"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T15:15:09Z",
    "severity": "HIGH"
  },
  "details": "The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.",
  "id": "GHSA-frfj-qx44-ggmv",
  "modified": "2024-10-10T18:31:07Z",
  "published": "2024-01-12T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49259"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253"
    },
    {
      "type": "WEB",
      "url": "https://cert.pl/posts/2024/01/CVE-2023-49253"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3W4-M6QJ-VMM5

Vulnerability from github – Published: 2025-10-22 18:30 – Updated: 2025-11-05 00:31
VLAI
Details

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-40780"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-341"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-22T16:15:42Z",
    "severity": "HIGH"
  },
  "details": "In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.",
  "id": "GHSA-j3w4-m6qj-vmm5",
  "modified": "2025-11-05T00:31:29Z",
  "published": "2025-10-22T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780"
    },
    {
      "type": "WEB",
      "url": "https://kb.isc.org/docs/cve-2025-40780"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/10/22/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Increase the entropy used to seed a PRNG.

Mitigation MIT-2
Architecture and Design Requirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

Mitigation MIT-50
Implementation

Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.

No CAPEC attack patterns related to this CWE.