CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
BaseDraftLikelihood: Medium
Description
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (61)
page 4 of 4| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-2362 | 0.00 | — | 0.01 | Jul 24, 2014 | OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation. |