CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.
扩展描述
The use of predictable seeds significantly reduces the number of possible seeds that an attacker would need to test in order to predict which random numbers will be generated by the PRNG.
常见后果
影响范围: Other
技术影响: Varies by Context
潜在缓解措施
描述: Use non-predictable inputs for seed generation.
阶段: Architecture and Design Requirements
策略: Libraries or Frameworks
描述: Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.
阶段: Implementation
描述: Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.
观察示例
参考: CVE-2020-7010
Cloud application on Kubernetes generates passwords using a weak random number generator based on deployment time.
参考: CVE-2019-11495
server uses erlang:now() to seed the PRNG, which results in a small search space for potential random seeds
参考: CVE-2008-0166
The removal of a couple lines of code caused Debian's OpenSSL Package to only use the current process ID for seeding a PRNG
参考: CVE-2016-10180
Router's PIN generation is based on rand(time(0)) seeding.
参考: CVE-2018-9057
cloud provider product uses a non-cryptographically secure PRNG and seeds it with the current time
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| PLOVER | - | Predictable Seed in PRNG | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | MSC02-J | Generate strong random numbers | - |