CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Weakness ID: 338 (Weakness Base)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.
When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks.
Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms which use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.
Time of Introduction
Architecture and Design
Technical Impact: Bypass protection
If a PRNG is used for authentication and authorization, such as a
session ID or a seed for generating a cryptographic key, then an
attacker may be able to easily guess the ID or cryptographic key and
gain access to restricted functionality.
Likelihood of Exploit
Both of these examples use a statistical PRNG to generate a random
Random random = new Random(System.currentTimeMillis());
int accountID = random.nextInt();
Example Languages: C and C++
int randNum = rand();
The random number functions used in these examples, rand() and Random.nextInt(), are not considered cryptographically strong. An attacker may be able to predict the random numbers generated by these functions. Note that these example also exhibit CWE-337 (Predictable Seed in PRNG).