Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.9)  

Presentation Filter:

CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Weakness ID: 338 (Weakness Base)Status: Draft
+ Description

Description Summary

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.

Extended Description

When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks.

Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms which use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms



+ Common Consequences
Access Control

Technical Impact: Bypass protection mechanism

If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality.

+ Likelihood of Exploit


+ Demonstrative Examples

Example 1

Both of these examples use a statistical PRNG to generate a random number:

(Bad Code)
Example Language: Java 
Random random = new Random(System.currentTimeMillis());
int accountID = random.nextInt();
(Bad Code)
Example Languages: C and C++ 
int randNum = rand();

The random number functions used in these examples, rand() and Random.nextInt(), are not considered cryptographically strong. An attacker may be able to predict the random numbers generated by these functions. Note that these example also exhibit CWE-337 (Predictable Seed in PRNG).

+ Observed Examples
Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
Random number generator can repeatedly generate the same value.
Web application generates predictable session IDs, allowing session hijacking.
SSL library uses a weak random number generator that only generates 65,536 unique keys.
+ Potential Mitigations

Phase: Implementation

Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class330Use of Insufficiently Random Values
Development Concepts (primary)699
Research Concepts (primary)1000
Weaknesses for Simplified Mapping of Published Vulnerabilities (primary)1003
ChildOfCategoryCategory905SFP Primary Cluster: Predictability
Software Fault Pattern (SFP) Clusters (primary)888
MemberOfViewView884CWE Cross-section
CWE Cross-section (primary)884
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CLASPNon-cryptographic PRNG
+ References
[REF-17] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 20: Weak Random Numbers." Page 299. McGraw-Hill. 2010.
+ Content History
Submission DateSubmitterOrganizationSource
CLASPExternally Mined
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated Common_Consequences, Observed_Examples, References, Relationships
2012-10-30CWE Content TeamMITREInternal
updated Demonstrative_Examples, Potential_Mitigations
2014-06-23CWE Content TeamMITREInternal
updated Applicable_Platforms, Description, Name, Other_Notes
2015-12-07CWE Content TeamMITREInternal
updated Relationships
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Non-cryptographic PRNG
2014-06-23Use of Cryptographically Weak PRNG
Page Last Updated: December 08, 2015