Random Number Issues
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to a software system's random number generation.
Weaknesses
The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
An exact value or random number can be precisely predicted by observing previous values.
A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.
The product's random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities for the next val...
The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
The product uses a constant value, name, or reference, but this value can (or should) vary across different environments.
The device uses an algorithm that is predictable and generates a pseudo-random number.
Concepts
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.