CWE-1241
Use of Predictable Algorithm in Random Number Generator
Description
The device uses an algorithm that is predictable and generates a pseudo-random number.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-97
CVEs mapped to this weakness (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10180 | Hig | 0.49 | 7.5 | 0.04 | Jan 30, 2017 | An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. | ||
| CVE-2026-6420 | — | Med | 0.34 | 6.3 | 0.00 | May 6, 2026 | A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation… | |
| CVE-2025-13079 | Med | 0.34 | 5.3 | 0.00 | Feb 19, 2026 | The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data.… | ||
| CVE-2025-32056 | Med | 0.26 | 4.0 | 0.00 | Jan 22, 2026 | The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. … | ||
| CVE-2021-4240 | — | 0.00 | — | 0.01 | Nov 15, 2022 | A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been… | ||
| CVE-2021-4241 | — | 0.00 | — | 0.01 | Nov 15, 2022 | A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to… |
- risk 0.49cvss 7.5epss 0.04
An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.
- risk 0.34cvss 6.3epss 0.00
A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation…
- risk 0.34cvss 5.3epss 0.00
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data.…
- risk 0.26cvss 4.0epss 0.00
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. …
- CVE-2021-4240Nov 15, 2022risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been…
- CVE-2021-4241Nov 15, 2022risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to…