VYPR

CWE-330

Use of Insufficiently Random Values

ClassStableLikelihood: High

Description

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-112 · CAPEC-485 · CAPEC-59

CVEs mapped to this weakness (149)

page 3 of 8
  • CVE-2017-17704HigDec 31, 2017
    risk 0.48cvss 7.4epss 0.01

    A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is…

  • CVE-2013-4734HigJun 30, 2013
    risk 0.48cvss 7.3epss 0.01

    dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier for attackers to obtain non-administrative access via unspecified vectors.

  • CVE-2024-4185HigApr 30, 2024
    risk 0.46cvss 8.1epss 0.01

    The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated…

  • CVE-2024-0761HigFeb 5, 2024
    risk 0.46cvss 8.1epss 0.01

    The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated…

  • CVE-2008-5162HigNov 26, 2008
    risk 0.46cvss 7.0epss 0.00

    The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM…

  • CVE-2026-45673MedJun 12, 2026
    risk 0.44cvss 6.8epss 0.00

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination…

  • CVE-2025-6515MedOct 20, 2025
    risk 0.44cvss 6.8epss 0.00

    The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning…

  • CVE-2017-13086MedOct 17, 2017
    risk 0.44cvss 6.8epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2017-13084MedOct 17, 2017
    risk 0.44cvss 6.8epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2017-13077MedOct 17, 2017
    risk 0.44cvss 6.8epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2026-33710HigApr 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the formula effectively md5(timestamp +…

  • CVE-2025-15574MedFeb 12, 2026
    risk 0.42cvss 6.5epss 0.00

    When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary…

  • CVE-2025-13470HigNov 21, 2025
    risk 0.42cvss 7.5epss 0.00

    In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key…

  • CVE-2024-5868MedJun 15, 2024
    risk 0.42cvss 6.5epss 0.00

    The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification.

  • CVE-2017-16031HigJun 4, 2018
    risk 0.42cvss 7.5epss 0.02

    Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io…

  • CVE-2017-17910MedDec 29, 2017
    risk 0.42cvss 6.5epss 0.00

    On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial…

  • CVE-2019-11840MedMay 9, 2019
    risk 0.39cvss 5.9epss 0.03

    An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256…

  • CVE-2023-6799MedApr 9, 2024
    risk 0.38cvss 5.9epss 0.01

    The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract…

  • CVE-2018-11045MedJul 11, 2018
    risk 0.38cvss 5.9epss 0.01

    Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running…

  • CVE-2018-1108MedMay 21, 2018
    risk 0.38cvss 5.9epss 0.02

    kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.