VYPR

CWE-332

Insufficient Entropy in PRNG

VariantDraftLikelihood: Medium

Description

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (9)

  • CVE-2018-9057CriMar 27, 2018
    risk 0.57cvss 9.8epss 0.02

    aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned…

  • CVE-2014-9690HigApr 2, 2017
    risk 0.49cvss 7.5epss 0.01

    Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not random enough. As a result, brute…

  • CVE-2016-9154HigDec 23, 2016
    risk 0.49cvss 7.5epss 0.01

    Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U,…

  • CVE-2026-3290HigMay 14, 2026
    risk 0.48cvss epss 0.00

    Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values

  • CVE-2016-1902HigJun 1, 2016
    risk 0.42cvss 7.5epss 0.02

    The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails,…

  • CVE-2017-9371LowNov 14, 2017
    risk 0.17cvss 2.6epss 0.01

    In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical…

  • CVE-2016-15005Dec 27, 2022
    risk 0.00cvss epss 0.00

    CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.

  • CVE-2014-0016Mar 24, 2014
    risk 0.00cvss epss 0.02

    stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote attackers to obtain private keys for…

  • CVE-2013-1445Oct 26, 2013
    risk 0.00cvss epss 0.02

    The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race…