CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE version: 4.18
Last updated: 2025-09-09
Weakness description
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
Common consequences
Scope: Access Control
Technical impact: Bypass Protection Mechanism
Note: If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality.
Potential mitigations
Phase: Implementation
Description: Use functions or hardware that rely on hardware-based random number generation for all cryptographic operations. This is the recommended solution. Use CryptGenRandom on Windows, or hw_rand() on Linux.
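The contrast the mitigation is pointing at, as an added example that is not code from the CWE entry: the same token-generation step written once with a seeded Mersenne Twister (the algorithm behind PHP's mt_rand() and Python's default random module) and once with the operating system's CSPRNG via Python's secrets module. The 128-bit token length and the time-based seed are assumptions made for the demonstration.

```python
# Added example (not from the CWE entry): the same token-generation step written
# with a weak PRNG and with a CSPRNG, to show why the weak version is guessable.
import random
import secrets
import time

TOKEN_BYTES = 16  # 128-bit token; the length is an assumption for the demo


def weak_token(seed: int) -> str:
    """Token from Python's default PRNG (Mersenne Twister, like PHP's mt_rand()).

    The generator's output is fully determined by its seed. Applications that
    seed it from low-entropy values such as the current time let anyone who can
    narrow down the seed reproduce every token the application issued.
    """
    rng = random.Random(seed)
    return rng.getrandbits(TOKEN_BYTES * 8).to_bytes(TOKEN_BYTES, "big").hex()


def strong_token() -> str:
    """Token from the operating system's CSPRNG via the secrets module.

    secrets.token_hex() reads from os.urandom(), which the OS backs with a
    kernel-maintained entropy pool; there is no application-controlled seed
    for anyone to recover.
    """
    return secrets.token_hex(TOKEN_BYTES)


def tokens_match(presented: str, stored: str) -> bool:
    """Compare a presented token against the stored one in constant time, so the
    comparison itself does not leak how many leading characters already match."""
    return secrets.compare_digest(presented, stored)


if __name__ == "__main__":
    # Constructed scenario: a service seeds its generator with the current second.
    # Two generations with the same seed yield the same token; the CSPRNG does not.
    seed = int(time.time())
    print("weak   :", weak_token(seed), "==", weak_token(seed))
    print("strong :", strong_token(), "!=", strong_token())
```

The fix in existing code is usually a one-line swap: replace the default random module (or rand()/mt_rand() in C and PHP) with the platform's CSPRNG interface wherever the value is a session ID, token, nonce, salt or key; random.SystemRandom() is the drop-in for code that needs the random API's shape.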
Detection methods
Method: Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness: High
Observed examples
Reference: CVE-2021-3692
PHP framework uses the mt_rand() function (Mersenne Twister) when generating tokens.
Reference: CVE-2009-3278
Crypto product uses the rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
Reference: CVE-2009-3238
Random number generator can repeatedly generate the same value.
Reference: CVE-2009-2367
Web application generates predictable session IDs, allowing session hijacking.
Reference: CVE-2008-0166
SSL library uses a weak random number generator that only generates 65,536 unique keys.
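A minimal illustration of the source-to-sink pattern matching described above, as an added example rather than a tool from the CWE entry: a line-oriented scanner that flags calls to well-known non-cryptographic PRNG APIs and rates each finding higher when the result is assigned to a security-named variable such as a token or session ID. The API list, the keyword list and the sample source lines are constructed for the demonstration; a real SAST engine tracks data flow across statements rather than within one line.

```python
# Added example (not from the CWE entry): a minimal SAST-style check that flags
# calls to well-known weak PRNG APIs and rates each finding by whether the result
# appears to flow into a security-relevant variable on the same line.
import re
from dataclasses import dataclass

# PRNG APIs that are not cryptographically strong (constructed list). The leading
# \b keeps "rand(" from matching inside names such as "random_bytes(".
WEAK_PRNG_CALL = re.compile(
    r"\b(?:mt_rand|rand|lcg_value|random\.(?:random|randint|getrandbits|choice)"
    r"|Math\.random|java\.util\.Random)\s*\("
)

# Identifier fragments that suggest the value is authentication or key material.
SECURITY_SINK = re.compile(
    r"token|session|secret|key|nonce|salt|password|csrf|otp|reset", re.I
)


@dataclass
class Finding:
    line_no: int
    call: str
    severity: str  # "high": weak PRNG feeds a security sink; "low": weak PRNG elsewhere
    line: str


def scan_source(lines):
    """Return one Finding per source line that calls a weak PRNG API."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        match = WEAK_PRNG_CALL.search(line)
        if match is None:
            continue
        severity = "high" if SECURITY_SINK.search(line) else "low"
        call = match.group(0).rstrip("( \t")
        findings.append(Finding(line_no, call, severity, line.strip()))
    return findings


def high_severity_lines(lines):
    """Line numbers where a weak PRNG result reaches a security-named sink."""
    return [f.line_no for f in scan_source(lines) if f.severity == "high"]


# Constructed sample source lines in the languages the observed examples mention.
SAMPLE_SOURCE = [
    "$token = mt_rand();                          // PHP, the CVE-2021-3692 pattern",
    "session_id = random.getrandbits(128)         # Python, Mersenne Twister",
    "int face = rand() % 6;                       /* C: game logic, not a security use */",
    "const csrf = Math.random().toString(36);     // JavaScript",
    "token = secrets.token_hex(32)                # Python CSPRNG: not flagged",
    "$key = random_bytes(32);                     // PHP CSPRNG: not flagged",
]


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.severity.upper():4} {f.call}()  {f.line}")
```

Run against the sample, the scanner reports lines 1, 2 and 4 as high severity and line 3 as low, while the two CSPRNG calls are not reported. The low-severity bucket matters in practice: a dice roll is harmless today, but the same call becomes a finding the moment its result is reused for something security-relevant, which is why most SAST rules for this CWE report every weak PRNG call and let the sink analysis set the priority.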
Modes of introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
Applicable platforms
Programming languages
Taxonomy mappings
| Taxonomy name | Node ID | Node name | Mapping fit |
|---|---|---|---|
| CLASP | - | Non-cryptographic PRNG | - |
| CERT C Secure Coding | MSC30-C | Do not use the rand() function for generating pseudorandom numbers | CWE More Abstract |