CWE-340: Generation of Predictable Numbers or Identifiers
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product uses a scheme that generates numbers or identifiers that are more predictable than required.
Common Consequences
Scope: Other
Technical Impact: Varies by Context
Observed Examples
Reference: CVE-2022-29330
Product for administering PBX systems uses predictable identifiers and timestamps for filenames (CWE-340) which allows attackers to access files via direct request (CWE-425).
Reference: CVE-2001-1141
PRNG allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
Reference: CVE-1999-0074
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
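The following is an added example, not part of the CWE entry: it sets a timestamp-based file name beside a CSPRNG-based one and gives an audit heuristic that flags identifier fields behaving like a counter or clock, the pattern behind the file-name and sequential-port cases above. The `export_<id>_<timestamp>.csv` scheme, all function names, and the sample values are assumptions constructed for illustration.

```python
import re
import secrets
from datetime import datetime, timedelta

def weak_export_name(user_id: int, now: datetime) -> str:
    # Weak (hypothetical scheme): known account id plus a one-second clock value.
    return f"export_{user_id}_{now:%Y%m%d%H%M%S}.csv"

def strong_export_name() -> str:
    # Hardened: 32 bytes from the OS CSPRNG; nothing is derivable from id or time.
    return f"export_{secrets.token_urlsafe(32)}.csv"

def predictable_fields(ids: list[str], max_step: int = 10_000) -> list[int]:
    """Audit heuristic over identifiers listed in issue order.

    Returns the positions of digit runs that strictly increase by a small
    step from each identifier to the next (counter or clock behaviour).
    Needs at least three samples; short digit runs inside random tokens
    can match by chance, so treat a hit as a reason to read the generator.
    """
    rows = [[int(d) for d in re.findall(r"\d+", s)] for s in ids]
    if len(rows) < 3 or len({len(r) for r in rows}) != 1:
        return []  # too few samples, or no stable field layout to compare
    flagged = []
    for col in range(len(rows[0])):
        steps = [b[col] - a[col] for a, b in zip(rows, rows[1:])]
        if all(0 < s <= max_step for s in steps):
            flagged.append(col)
    return flagged

# Constructed sample data (not taken from any real system).
T0 = datetime(2024, 1, 1, 12, 0, 0)
WEAK_NAMES = [weak_export_name(42, T0 + timedelta(seconds=s)) for s in (0, 37, 95)]
SEQUENTIAL_PORTS = ["1024", "1025", "1026", "1027"]
RANDOM_LIKE = ["export_k8Zp3Qa6.csv", "export_R2mX7bL5.csv", "export_a9Wc4Ye1.csv"]

if __name__ == "__main__":
    for label, sample in [("weak names", WEAK_NAMES),
                          ("sequential ports", SEQUENTIAL_PORTS),
                          ("random-like names", RANDOM_LIKE)]:
        print(f"{label}: predictable fields at {predictable_fields(sample)}")
    print("hardened name:", strong_export_name())
```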
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | - |
| Implementation | - |
Taxonomy Mappings
| Taxonomy Name | Node ID | Entry Name | Mapping Fit |
|---|---|---|---|
| PLOVER | - | Predictability problems | - |
| WASC | 11 | Brute Force | - |