CWE-330
Use of Insufficiently Random Values
Description
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-112 · CAPEC-485 · CAPEC-59
CVEs mapped to this weakness (149)
page 2 of 8

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13082 |  | Hig | 0.53 | 8.1 | 0.05 |  | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. |
| CVE-2009-0255 |  | Hig | 0.53 | 7.5 | 0.09 |  | Jan 22, 2009 | The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. |
| CVE-2026-40496 |  | Cri | 0.52 | 9.1 | 0.00 |  | Apr 21, 2026 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small… |
| CVE-2009-2158 |  | Hig | 0.52 | 7.5 | 0.05 |  | Jun 22, 2009 | account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack. |
| CVE-2008-0141 |  | Hig | 0.52 | 7.5 | 0.04 |  | Jan 8, 2008 | actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action. |
| CVE-2018-15807 |  | Hig | 0.51 | 7.8 | 0.00 |  | Aug 23, 2018 | POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker… |
| CVE-2017-17091 |  | Hig | 0.51 | 8.8 | 0.08 |  | Dec 2, 2017 | wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. |
| CVE-2008-0087 |  | Hig | 0.51 | 7.5 | 0.31 |  | Apr 8, 2008 | The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. |
| CVE-2026-41505 |  | Hig | 0.50 | 8.7 | 0.00 |  | May 7, 2026 | RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16. |
| CVE-2025-59371 | — | Hig | 0.49 | — | 0.01 |  | Nov 25, 2025 | An authentication bypass vulnerability has been identified in the IFTTT integration feature. A remote, authenticated attacker could leverage this vulnerability to potentially gain unauthorized access to the device. This vulnerability does not affect Wi-Fi 7 series models. Refer… |
| CVE-2024-41708 |  | Hig | 0.49 | 7.5 | 0.00 |  | Sep 25, 2024 | An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. |
| CVE-2017-10874 |  | Hig | 0.49 | 7.5 | 0.01 |  | Dec 1, 2017 | PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks. |
| CVE-2017-0897 |  | Hig | 0.49 | 7.5 | 0.04 |  | Jun 22, 2017 | ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution. |
| CVE-2013-7463 |  | Hig | 0.49 | 7.5 | 0.01 |  | Apr 19, 2017 | The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack. |
| CVE-2016-10180 |  | Hig | 0.49 | 7.5 | 0.04 |  | Jan 30, 2017 | An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. |
| CVE-2016-5085 |  | Hig | 0.49 | 7.5 | 0.04 |  | Oct 5, 2016 | Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake. |
| CVE-2008-4929 |  | Hig | 0.49 | 7.5 | 0.02 |  | Nov 4, 2008 | MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames. |
| CVE-2008-4905 |  | Hig | 0.49 | 7.5 | 0.01 |  | Nov 4, 2008 | Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack. |
| CVE-2008-2020 |  | Hig | 0.49 | 7.5 | 0.02 |  | Apr 30, 2008 | The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and… |
| CVE-2018-13280 |  | Hig | 0.48 | 7.4 | 0.01 |  | Jul 30, 2018 | Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. |