VYPR

CWE-334

Small Space of Random Values

Base | Draft

Description

The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (6)

  • CVE-2025-3895 | Cri | May 23, 2025
    risk 0.59 | cvss | epss 0.00

    Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauthenticated attacker who knows user login names to brute force these tokens and change account passwords (including these…

  • CVE-2020-7566 | Hig | Nov 19, 2020
    risk 0.47 | cvss 7.3 | epss 0.00

    A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221…

  • CVE-2023-6951 | Med | Apr 2, 2024
    risk 0.43 | cvss 6.6 | epss 0.00

    A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi-Fi network. This, in turn, allows the attacker to perform…

  • CVE-2024-52616 | Med | Nov 21, 2024
    risk 0.35 | cvss 5.3 | epss 0.01

    A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

  • CVE-2024-54017 | Med | May 12, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 <…

  • CVE-2024-51720 | Med | Nov 12, 2024
    risk 0.31 | cvss 4.8 | epss 0.00

    An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number.