CWE-1241
Use of Predictable Algorithm in Random Number Generator
BaseDraft
Description
The device uses an algorithm that is predictable and generates a pseudo-random number.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-97
CVEs mapped to this weakness (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6420 | Med | 0.41 | 6.3 | 0.00 | May 6, 2026 | A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment. | |
| CVE-2025-13079 | Med | 0.34 | 5.3 | 0.00 | Feb 19, 2026 | The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data. This makes it possible for unauthenticated attackers to unsubscribe arbitrary subscribers from mailing lists via brute-forcing the unsubscribe token, granted they know the victim's email address | |
| CVE-2025-32056 | Med | 0.26 | 4.0 | 0.00 | Jan 22, 2026 | The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on Nissan Leaf ZE1 manufactured in 2020. |