CWE-331
Insufficient Entropy
Abstraction: Base. Status: Draft.
Description
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-59
CVEs mapped to this weakness (44)
page 3 of 3

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-7432 | Low | 0.07 | — | 0.00 | | Feb 9, 2026 | DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack. |
| CVE-2026-8700 | | 0.00 | — | 0.00 | | May 15, 2026 | Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage. |
| CVE-2026-46474 | | 0.00 | — | 0.00 | | May 15, 2026 | Trog::TOTP versions before 1.006 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage. |
| CVE-2012-4687 | | 0.00 | — | 0.00 | | Dec 8, 2012 | Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value. |