CWE-341: Predictable from Observable State
Weakness ID: 341 (Weakness Base) Status: Draft
Description
Description Summary
A number or object is predictable based on observations that
the attacker can make about the state of the system or network, such as time,
process ID, etc.
Time of Introduction
Architecture and Design
Implementation
Observed Examples
Reference  Description
CVE-2002-0389
CVE-2001-1141
CVE-2000-0335  DNS resolver library uses predictable IDs, which allows a local attacker to spoof DNS query results.
CVE-2005-1636  MFV. Predictable filename and insecure permissions allow file modification to execute SQL queries.
Potential Mitigations
ID  Phase  Description
Increase the entropy used to seed a PRNG.
2  Implementation  Perform FIPS 140-2 tests on data to catch obvious entropy problems.
Implementation  Consider a PRNG which re-seeds itself, as needed, from high-quality pseudo-random output, such as that of hardware devices.
Relationships
Taxonomy Mappings
Mapped Taxonomy Name Node ID Fit Mapped Node Name
PLOVER Predictable from Observable State
Content History
Submissions
Submission Date  Submitter  Organization  Source
PLOVER  Externally Mined
Modifications
Modification Date  Modifier  Organization  Source
2008-07-01  Eric Dalci  Cigital  External
updated Time of Introduction
2008-09-08  CWE Content Team  MITRE  Internal
updated Relationships, Taxonomy Mappings
2009-03-10  CWE Content Team  MITRE  Internal
updated Potential Mitigations