CWE-330: Use of Insufficiently Random Values
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
常见后果
影响范围: Confidentiality Other
技术影响: Other
说明: When a protection mechanism relies on random values to restrict access to a sensitive resource, such as a session ID or a seed for generating a cryptographic key, then the resource being protected could be accessed by guessing the ID or key.
影响范围: Access Control Other
技术影响: Bypass Protection Mechanism Other
说明: If product relies on unique, unguessable IDs to identify a resource, an attacker might be able to guess an ID for a resource that is owned by another user. The attacker could then read the resource, or pre-create a resource with the same ID to prevent the legitimate program from properly sending the resource to the intended user. For example, a product might maintain session information in a file whose name is based on a username. An attacker could pre-create this file for a victim user, then set the permissions so that the application cannot generate the session for the victim, preventing the victim from using the application.
影响范围: Access Control
技术影响: Bypass Protection Mechanism Gain Privileges or Assume Identity
说明: When an authorization or authentication mechanism relies on random values to restrict access to restricted functionality, such as a session ID or a seed for generating a cryptographic key, then an attacker may access the restricted functionality by guessing the ID or key.
潜在缓解措施
阶段: Architecture and Design
阶段: Implementation
描述: Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
阶段: Testing
描述: Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.
阶段: Architecture and Design Requirements
策略: Libraries or Frameworks
描述: Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
阶段: Testing
描述: Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
检测方法
方法: Black Box
方法: Automated Static Analysis - Binary or Bytecode
有效性: SOAR Partial
方法: Manual Static Analysis - Binary or Bytecode
有效性: SOAR Partial
方法: Dynamic Analysis with Manual Results Interpretation
有效性: SOAR Partial
方法: Manual Static Analysis - Source Code
有效性: High
方法: Automated Static Analysis - Source Code
有效性: SOAR Partial
方法: Architecture or Design Review
有效性: High
观察示例
参考: CVE-2021-3692
PHP framework uses mt_rand() function (Marsenne Twister) when generating tokens
参考: CVE-2020-7010
Cloud application on Kubernetes generates passwords using a weak random number generator based on deployment time.
参考: CVE-2009-3278
Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
参考: CVE-2009-3238
Random number generator can repeatedly generate the same value.
参考: CVE-2009-2367
Web application generates predictable session IDs, allowing session hijacking.
参考: CVE-2009-2158
Password recovery utility generates a relatively small number of random passwords, simplifying brute force attacks.
参考: CVE-2009-0255
Cryptographic key created with a seed based on the system time.
参考: CVE-2008-5162
Kernel function does not have a good entropy source just after boot.
参考: CVE-2008-4905
Blogging software uses a hard-coded salt when calculating a password hash.
参考: CVE-2008-4929
Bulletin board application uses insufficiently random names for uploaded files, allowing other users to access private files.
参考: CVE-2008-3612
Handheld device uses predictable TCP sequence numbers, allowing spoofing or hijacking of TCP connections.
参考: CVE-2008-2433
Web management console generates session IDs based on the login time, making it easier to conduct session hijacking.
参考: CVE-2008-0166
SSL library uses a weak random number generator that only generates 65,536 unique keys.
参考: CVE-2008-2108
Chain: insufficient precision causes extra zero bits to be assigned, reducing entropy for an API function that generates random numbers.
参考: CVE-2008-2108
Chain: insufficient precision (CWE-1339) in random-number generator causes some zero bits to be reliably generated, reducing the amount of entropy (CWE-331)
参考: CVE-2008-2020
CAPTCHA implementation does not produce enough different images, allowing bypass using a database of all possible checksums.
参考: CVE-2008-0087
DNS client uses predictable DNS transaction IDs, allowing DNS spoofing.
参考: CVE-2008-0141
Application generates passwords that are based on the time of day.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
适用平台
编程语言
技术
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Randomness and Predictability | - |
| 7 Pernicious Kingdoms | - | Insecure Randomness | - |
| OWASP Top Ten 2004 | A2 | Broken Access Control | CWE More Specific |
| CERT C Secure Coding | CON33-C | Avoid race conditions when using library functions | Imprecise |
| CERT C Secure Coding | MSC30-C | Do not use the rand() function for generating pseudorandom numbers | CWE More Abstract |
| CERT C Secure Coding | MSC32-C | Properly seed pseudorandom number generators | CWE More Abstract |
| WASC | 11 | Brute Force | - |
| WASC | 18 | Credential/Session Prediction | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | MSC02-J | Generate strong random numbers | - |
关键信息
CWE ID: CWE-330
抽象级别: Class
结构: Simple
状态: Stable
利用可能性: High