Category Archives: CWE

CWE

CWE-374 – Passing Mutable Objects to an Untrusted Method

Read Time:54 Second

Description

The program sends non-cloned mutable data as an argument to a method or function.

The function or method that has been called can alter or delete the mutable data. This could violate assumptions that the calling function has made about its state. In situations where unknown code is called with references to mutable data, this external code could make changes to the data sent. If this data was not previously cloned, the modified data might not be valid in the context of execution.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-668

 

Consequences

Integrity: Modify Memory

Potentially data could be tampered with by another function which should not have been tampered with.

 

Potential Mitigations

Phase: Implementation

Description: 

Pass in data which should not be altered as constant or immutable.

Phase: Implementation

Description: 

Clone all mutable data before passing it into an external function . This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.

CVE References

CWE

CWE-375 – Returning a Mutable Object to an Untrusted Caller

Read Time:50 Second

Description

Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function.

In situations where functions return references to mutable data, it is possible that the external code which called the function may make changes to the data sent. If this data was not previously cloned, the class will then be using modified data which may violate assumptions about its internal state.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-668

 

Consequences

Access Control, Integrity: Modify Memory

Potentially data could be tampered with by another function which should not have been tampered with.

 

Potential Mitigations

Phase: Implementation

Description: 

Declare returned data which should not be altered as constant or immutable.

Phase: Implementation

Description: 

Clone all mutable data before returning references to it. This is the preferred mitigation. This way, regardless of what changes are made to the data, a valid copy is retained for use by the class.

CVE References

CWE

CWE-337 – Predictable Seed in Pseudo-Random Number Generator (PRNG)

Read Time:1 Minute, 11 Second

Description

A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.

The use of predictable seeds significantly reduces the number of possible seeds that an attacker would need to test in order to predict which random numbers will be generated by the PRNG.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-335

 

Consequences

Other: Varies by Context

 

Potential Mitigations

Phase:

Description: 

Use non-predictable inputs for seed generation.

Phase: Architecture and Design, Requirements

Description: 

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.

Phase: Implementation

Description: 

Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.

CVE References

  • CVE-2019-11495
    • server uses erlang:now() to seed the PRNG, which
      results in a small search space for potential random
      seeds
  • CVE-2008-0166
    • The removal of a couple lines of code caused Debian’s OpenSSL Package to only use the current process ID for seeding a PRNG
  • CVE-2016-10180
    • Router’s PIN generation is based on rand(time(0)) seeding.
  • CVE-2018-9057
    • cloud provider product uses a non-cryptographically secure PRNG and seeds it with the current time
CWE

CWE-338 – Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Read Time:57 Second

Description

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG’s algorithm is not cryptographically strong.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-330
CWE-330

 

Consequences

Access Control: Bypass Protection Mechanism

If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality.

 

Potential Mitigations

Phase: Implementation

Description: 

Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

CVE References

  • CVE-2009-3278
    • Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
  • CVE-2009-3238
    • Random number generator can repeatedly generate the same value.
  • CVE-2009-2367
    • Web application generates predictable session IDs, allowing session hijacking.
  • CVE-2008-0166
    • SSL library uses a weak random number generator that only generates 65,536 unique keys.
CWE

CWE-339 – Small Seed Space in PRNG

Read Time:1 Minute, 11 Second

Description

A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks.

PRNGs are entirely deterministic once seeded, so it should be extremely difficult to guess the seed. If an attacker can collect the outputs of a PRNG and then brute force the seed by trying every possibility to see which seed matches the observed output, then the attacker will know the output of any subsequent calls to the PRNG. A small seed space implies that the attacker will have far fewer possible values to try to exhaust all possibilities.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-335
CWE-341

 

Consequences

Other: Varies by Context

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Use well vetted pseudo-random number generating algorithms with adequate length seeds. Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a “random enough” number.

Phase: Architecture and Design, Requirements

Description: 

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.

CVE References

  • CVE-2019-10908
    • product generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has only a 48-bit seed.
CWE

CWE-34 – Path Traversal: ‘….//’

Read Time:45 Second

Description

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘….//’ (doubled dot dot slash) sequences that can resolve to a location that is outside of that directory.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-23

 

Consequences

Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories

 

Potential Mitigations

Phase: Implementation

Effectiveness: High

Description: 

Phase: Implementation

Description: 

Inputs should be decoded and canonicalized to the application’s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

CVE References

  • CVE-2004-1670
    • Mail server allows remote attackers to create arbitrary directories via a “..” or rename arbitrary files via a “….//” in user supplied parameters.
CWE

CWE-341 – Predictable from Observable State

Read Time:1 Minute, 30 Second

Description

A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-340

 

Consequences

Other: Varies by Context

This weakness could be exploited by an attacker in a number ways depending on the context. If a predictable number is used to generate IDs or keys that are used within protection mechanisms, then an attacker could gain unauthorized access to the system. If predictable filenames are used for storing sensitive information, then an attacker might gain access to the system and may be able to gain access to the information in the file.

 

Potential Mitigations

Phase: Implementation

Description: 

Increase the entropy used to seed a PRNG.

Phase: Architecture and Design, Requirements

Description: 

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (“Approved Random Number Generators”).

Phase: Implementation

Description: 

Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.

CVE References

  • CVE-2002-0389
    • Mail server stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
  • CVE-2001-1141
    • PRNG allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
  • CVE-2000-0335
    • DNS resolver library uses predictable IDs, which allows a local attacker to spoof DNS query results.
  • CVE-2005-1636
    • MFV. predictable filename and insecure permissions allows file modification to execute SQL queries.
CWE

CWE-342 – Predictable Exact Value from Previous Values

Read Time:52 Second

Description

An exact value or random number can be precisely predicted by observing previous values.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-340

 

Consequences

Other: Varies by Context

 

Potential Mitigations

Phase:

Description: 

Increase the entropy used to seed a PRNG.

Phase: Architecture and Design, Requirements

Description: 

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (“Approved Random Number Generators”).

Phase: Implementation

Description: 

Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.

CVE References

  • CVE-2002-1463
    • Firewall generates easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.
  • CVE-1999-0074
    • Listening TCP ports are sequentially allocated, allowing spoofing attacks.
  • CVE-2000-0335
    • DNS resolver uses predictable IDs, allowing a local user to spoof DNS query results.
CWE

CWE-343 – Predictable Value Range from Previous Values

Read Time:1 Minute, 13 Second

Description

The software’s random number generator produces a series of values which, when observed, can be used to infer a relatively small range of possibilities for the next value that could be generated.

The output of a random number generator should not be predictable based on observations of previous values. In some cases, an attacker cannot predict the exact value that will be produced next, but can narrow down the possibilities significantly. This reduces the amount of effort to perform a brute force attack. For example, suppose the product generates random numbers between 1 and 100, but it always produces a larger value until it reaches 100. If the generator produces an 80, then the attacker knows that the next value will be somewhere between 81 and 100. Instead of 100 possibilities, the attacker only needs to consider 20.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-340

 

Consequences

Other: Varies by Context

 

Potential Mitigations

Phase:

Description: 

Increase the entropy used to seed a PRNG.

Phase: Architecture and Design, Requirements

Description: 

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C (“Approved Random Number Generators”).

Phase: Implementation

Description: 

Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.

CVE References