Tag Archives: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-338 – Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Read Time:57 Second

Description

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG’s algorithm is not cryptographically strong.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-330
CWE-330

 

Consequences

Access Control: Bypass Protection Mechanism

If a PRNG is used for authentication and authorization, such as a session ID or a seed for generating a cryptographic key, then an attacker may be able to easily guess the ID or cryptographic key and gain access to restricted functionality.

 

Potential Mitigations

Phase: Implementation

Description: 

Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

CVE References

  • CVE-2009-3278
    • Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
  • CVE-2009-3238
    • Random number generator can repeatedly generate the same value.
  • CVE-2009-2367
    • Web application generates predictable session IDs, allowing session hijacking.
  • CVE-2008-0166
    • SSL library uses a weak random number generator that only generates 65,536 unique keys.