CWE-338

Medium likelihood

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Parent: CWE-330 - Use of Insufficiently Random Values

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

184 vulnerabilities with CWE-338
CVE-2021-22948 HIGH
revive-adserver <5.3.0 - Info Disclosure
CVSS 7.1
CVE-2021-27913 LOW
Mautic <3.3.4, <4.0.0 - Info Disclosure
CVSS 3.5
CVE-2021-3047 MEDIUM
Palo Alto Networks PAN-OS <8.1.19, <9.0.14, <9.1 - Privilege Escala...
CVSS 4.2
CVE-2021-37553 HIGH
JetBrains YouTrack <2021.2.16363 - Info Disclosure
CVSS 7.5
CVE-2021-3678 MEDIUM
showdoc < 2.9.8 - Use of Cryptographically Weak Pseudo-Random Number Generator
CVSS 5.9
CVE-2021-34430 HIGH
Eclipse TinyDTLS through 0.9-rc1 - Inadequate Encryption Strength via C Library rand Function
CVSS 7.5
CVE-2021-0131 MEDIUM
Intel Security Library < 3.3 - Authenticated Information Disclosure via Weak PRNG
CVSS 6.5
CVE-2021-3538 CRITICAL
github.com/satori/go.uuid - Info Disclosure
CVSS 9.8
CVE-2021-29245 MEDIUM
BTCPay Server <1.0.7.0 - Info Disclosure
CVSS 5.3
CVE-2021-23126 MEDIUM
Joomla! 3.2.0-3.9.24 - Use of Cryptographically Weak PRNG in 2FA Secret Generation
CVSS 5.3
CVE-2020-28924 HIGH
rclone < 1.53.3 - Insufficient Entropy in Password Generator
CVSS 7.5
CVE-2020-28642 CRITICAL
InfiniteWP Admin Panel <3.1.12.3 - Info Disclosure
CVSS 9.8
CVE-2020-11616 HIGH
Intel BMC Firmware < 3.38.30 - Use of Cryptographically Weak PRNG in IPMI Protocol Implementation
CVSS 7.5
CVE-2020-10560 MEDIUM
Open Source Social Network < 5.3 - Arbitrary File Read via Weak PRNG in SiteKey
CVSS 5.9
CVE-2019-14480 CRITICAL
AdRem NetCrunch 10.6.0.4587 - Auth Bypass
CVSS 9.8
CVE-2019-19794 MEDIUM
miekg Go DNS <1.1.25 - Info Disclosure
CVSS 5.9
CVE-2019-8113 MEDIUM
Magento <2.2.10-2.3.3/2.3.2-p1 - Info Disclosure
CVSS 5.3
CVE-2019-10755 MEDIUM
pac4j 3.0.0-3.8.1 - Predictable SAML Identifier via Weak PRNG in SAML2Utils.java
CVSS 4.9
CVE-2019-10754 HIGH
Apereo CAS <6.1.0-RC5 - Info Disclosure
CVSS 8.1
CVE-2019-16303 CRITICAL
JHipster <6.3.0 & JHipster Kotlin <=1.1.0 - Privilege Escalation
CVSS 9.8
CVE-2019-7860 HIGH
Magento <2.1.18-2.3.2 - Info Disclosure
CVSS 7.5
CVE-2019-7855 MEDIUM
Magento <2.1.18-2.3.2 - Info Disclosure
CVSS 5.3
CVE-2019-5440 HIGH
Revive Adserver < v4.2.1 - Auth Bypass
CVSS 8.1
CVE-2019-11842 HIGH
Matrix Sydent <1.0.3 & Synapse <0.99.3.1 - Info Disclosure
CVSS 7.5
CVE-2019-11808 LOW
Ratpack < 1.6.1 - Weak Session ID Generation via ThreadLocalRandom
CVSS 3.7