The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.
Time of Introduction
Architecture and Design
Implementation
Applicable Platforms
Languages
All
Common Consequences
Scope
Effect
Access Control
Technical Impact: Bypass protection mechanism
If a PRNG is used for authentication and authorization, such as a
session ID or a seed for generating a cryptographic key, then an
attacker may be able to easily guess the ID or cryptographic key and
gain access to restricted functionality.
Likelihood of Exploit
Medium
Demonstrative Examples
Example 1
Both of these examples use a statistical PRNG to generate a random
number:
(Bad Code)
Example Language: Java
import java.util.Random;   // java.util.Random is a statistical PRNG, not a CSPRNG
Random random = new Random(System.currentTimeMillis());
int accountID = random.nextInt();
(Bad Code)
Example Languages: C and C++
#include <stdlib.h>   /* srand(), rand() */
#include <time.h>     /* time() */
srand(time(NULL));    /* seed the statistical PRNG with the current time */
int randNum = rand();
The random number functions used in these examples, rand() and Random.nextInt(), are not considered cryptographically strong. An attacker may be able to predict the random numbers generated by these functions. Note that these examples also exhibit CWE-337 (Predictable Seed in PRNG).
SSL library uses a weak random number generator that only generates 65,536 unique keys.
Potential Mitigations
Phase: Implementation
Use functions or hardware that provide hardware-based random number
generation for all cryptographic purposes. This is the recommended solution. Use
CryptGenRandom on Windows, or hw_rand() on Linux.
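The following is an added example, not code from the CWE entry itself. It puts the demonstrative examples' weak pattern beside the mitigation: the weak_account_id() function mirrors the page's srand(time())/rand() code and weak_is_reproducible() shows that the same seed always produces the same ID, while strong_account_id() draws the ID from the kernel CSPRNG via getrandom() instead. It assumes Linux with glibc 2.25 or later; the function names are chosen here for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <sys/types.h>
#include <sys/random.h>   /* getrandom(): Linux, glibc 2.25+ (assumption) */

/* Weak: the page's bad pattern. Everything rand() returns is a function
 * of the single seed passed to srand(); a timestamp seed has little entropy. */
int weak_account_id(unsigned seed) {
    srand(seed);
    return rand();
}

/* Shows the defect: the same seed always yields the same "random" ID, so an
 * ID derived from a guessable seed is itself guessable. Returns 1 if so. */
int weak_is_reproducible(unsigned seed) {
    int first = weak_account_id(seed);
    int second = weak_account_id(seed);
    return first == second;
}

/* Hardened: take the ID from the kernel CSPRNG rather than a seeded PRNG.
 * Returns 0 on success, -1 if the kernel did not deliver enough bytes. */
int strong_account_id(unsigned *out) {
    unsigned v;
    ssize_t n = getrandom(&v, sizeof v, 0);
    if (n != (ssize_t)sizeof v)
        return -1;
    *out = v;
    return 0;
}

/* Sanity check for the hardened path: two consecutive draws succeed and do
 * not repeat (a collision has probability 2^-32). Returns 1 on success. */
int strong_ids_differ(void) {
    unsigned a, b;
    if (strong_account_id(&a) != 0 || strong_account_id(&b) != 0)
        return 0;
    return a != b;
}

int main(void) {
    unsigned now = (unsigned)time(NULL);
    printf("weak ID reproducible from its seed: %s\n",
           weak_is_reproducible(now) ? "yes" : "no");
    unsigned id;
    if (strong_account_id(&id) == 0)
        printf("CSPRNG-backed ID: %u\n", id);
    return 0;
}
```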
Other Notes
Often a pseudo-random number generator (PRNG) is not designed for
cryptography. Sometimes a mediocre source of randomness is sufficient or
preferable for algorithms that use random numbers. Weak generators
generally take less processing power and/or do not consume the precious, finite
entropy sources on a system.