CWE-1241: Use of Predictable Algorithm in Random Number Generator
CWE version: 4.18
Last updated: 2025-09-09
Weakness description
The device uses an algorithm that is predictable and generates a pseudo-random number.
Common consequences
Scope: Confidentiality
Technical impact: Read Application Data
Potential mitigations
Phase: Architecture and Design
Description: A true random number generator should be specified for cryptographic algorithms.
Phase: Implementation
Description: A true random number generator should be implemented for cryptographic algorithms.
Observed examples
Reference: CVE-2021-3692
PHP framework uses mt_rand() function (Mersenne Twister) when generating tokens
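The pattern in the observed example, shown beside a hardened form. This is an added illustration, not code from the CWE entry or from the affected framework; the function names `weakToken` and `strongToken` and the seed value are hypothetical. The hardened version uses PHP's `random_bytes()`, which reads the operating system's cryptographically secure generator.

```php
<?php
declare(strict_types=1);

// Weak pattern (hypothetical helper): mt_rand() is the Mersenne Twister,
// a deterministic PRNG. Every character of the token is a pure function
// of the generator's internal state, so the token is only as secret as
// that state.
function weakToken(int $length = 32): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $max = strlen($alphabet) - 1;
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, $max)];
    }
    return $token;
}

// Hardened pattern (hypothetical helper): random_bytes() draws from the
// OS CSPRNG and throws an exception if no secure source is available,
// so it never silently falls back to a predictable generator.
function strongToken(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Determinism check with a constructed seed: restoring the same generator
// state replays the same "random" token.
mt_srand(12345);
$first = weakToken();
mt_srand(12345);
$replayed = weakToken();
echo 'mt_rand tokens after identical seeding: ',
    ($first === $replayed ? 'identical' : 'different'), PHP_EOL;

// The CSPRNG has no caller-controlled seed to restore, so two calls are
// independent draws.
$a = strongToken();
$b = strongToken();
echo 'random_bytes tokens from two calls: ',
    ($a === $b ? 'identical' : 'different'), PHP_EOL;
```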
Modes of introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | In many cases, the design originally defines a cryptographically secure random number generator, but is then changed during implementation due to unforeseen constraints. |