CWE-341 从可观察状态的可预测

Predictable from Observable State

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown


A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.


  • cwe_Nature: ChildOf cwe_CWE_ID: 330 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 330 cwe_View_ID: 699 cwe_Ordinal: Primary


Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}


范围 影响 注释
Other Varies by Context This weakness could be exploited by an attacker in a number ways depending on the context. If a predictable number is used to generate IDs or keys that are used within protection mechanisms, then an attacker could gain unauthorized access to the system. If predictable filenames are used for storing sensitive information, then an attacker might gain access to the system and may be able to gain access to the information in the file.




Increase the entropy used to seed a PRNG.

MIT-2 ['Architecture and Design', 'Requirements']

策略: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

MIT-50 Implementation


Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.


This code generates a unique random identifier for a user's session.

bad PHP

function generateSessionID($userID){
return rand();

Because the seed for the PRNG is always the user's ID, the session ID will always be the same. An attacker could thus predict any user's session ID and potentially hijack the session.

This example also exhibits a Small Seed Space (CWE-339).


标识 说明 链接
CVE-2002-0389 Mail server stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
CVE-2001-1141 PRNG allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
CVE-2000-0335 DNS resolver library uses predictable IDs, which allows a local attacker to spoof DNS query results.
CVE-2005-1636 MFV. predictable filename and insecure permissions allows file modification to execute SQL queries.


映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Predictable from Observable State