VYPR

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Abstraction: Base | Status: Draft | Likelihood of Exploit: Medium

Description

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (109)

page 2 of 6
  • CVE-2026-41505 | Severity: High | May 7, 2026
    risk 0.50 | cvss 8.7 | epss 0.00

    RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16.

  • CVE-2025-69217 | Severity: High | Dec 30, 2025
    risk 0.50 | cvss 7.7 | epss 0.00

    coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's…

  • CVE-2025-1860 | Severity: High | Mar 28, 2025
    risk 0.50 | cvss 7.7 | epss 0.00

    Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

  • CVE-2026-9638 | Severity: High | Jun 12, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

  • CVE-2026-41858 | Severity: High | Jun 4, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The…

  • CVE-2026-5088 | Severity: High | Apr 15, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attempt to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are…

  • CVE-2026-5087 | Severity: High | Mar 31, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on systems without the device, such…

  • CVE-2025-40933 | Severity: High | Sep 17, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The…

  • CVE-2025-40920 | Severity: High | Aug 11, 2025
    risk 0.49 | cvss 8.6 | epss 0.00

    Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known…

  • CVE-2024-34538 | Severity: High | May 6, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.

  • CVE-2018-12975 | Severity: High | Sep 24, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call).…

  • CVE-2018-5837 | Severity: High | Sep 20, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660,…

  • CVE-2018-11291 | Severity: High | Sep 20, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810,…

  • CVE-2018-11290 | Severity: High | Sep 20, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20,…

  • CVE-2018-17071 | Severity: High | Sep 18, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by eth.getStorageAt function. Also, attackers…

  • CVE-2018-15552 | Severity: High | Sep 7, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function).…

  • CVE-2018-12056 | Severity: High | Aug 15, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get…

  • CVE-2018-14715 | Severity: High | Aug 3, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can predict the random number and always win the game.

  • CVE-2018-12454 | Severity: High | Jun 17, 2018
    risk 0.49 | cvss 7.5 | epss 0.01

    The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call).…

  • CVE-2017-9230 | Severity: High | May 24, 2017
    risk 0.49 | cvss 7.5 | epss 0.03

    The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations…