CWE-338

Medium likelihood

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Parent: CWE-330 - Use of Insufficiently Random Values

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

184 vulnerabilities with CWE-338
CVE-2018-25107 HIGH
Crypt::Random::Source <0.13 - Info Disclosure
CVSS 7.5
CVE-2018-15795 HIGH
Pivotal CredHub Service Broker <1.1.0 - Info Disclosure
CVSS 8.1
CVE-2018-17968 HIGH
RuletkaIo - Predictable Random Value Generation via Blockchain Timestamp and Hash
CVSS 7.5
CVE-2018-17877 HIGH
Greedy 599 - Predictable Random Value Generation via External Contract Call
CVSS 7.5
CVE-2018-12975 HIGH
CryptoSaga - Predictable Random Number Generation via Public Blockchain Variables
CVSS 7.5
CVE-2018-5871 MEDIUM
Qualcomm Snapdragon Firmware - Use of Cryptographically Weak PRNG in MAC Address Randomization
CVSS 6.5
CVE-2018-5837 HIGH
Qualcomm Snapdragon Firmware - Cryptographically Weak PRNG in MAC Address Randomization
CVSS 7.5
CVE-2018-11291 HIGH
Qualcomm Snapdragon - Use of Cryptographically Weak PRNG in NAN
CVSS 7.5
CVE-2018-11290 HIGH
Qualcomm Snapdragon Firmware - Cryptographically Weak PRNG in MAC Address Randomization
CVSS 7.5
CVE-2018-17071 HIGH
Lucky9io - Predictable Random Number Generation via Public Storage Variable
CVSS 7.5
CVE-2018-15552 HIGH
The Ethereum Lottery - Predictable Random Number Generation in PayWinner Function
CVSS 7.5
CVE-2018-16115 CRITICAL
Lightbend Akka <2.5.16 - Info Disclosure
CVSS 9.1
CVE-2018-12056 HIGH
All For One - Predictable Randomness via Publicly Readable Seed
CVSS 7.5
CVE-2018-12885 MEDIUM
MyCryptoChamp - Predictable Random Value Generation in randMod() Function
CVSS 5.9
CVE-2018-14715 HIGH
cryptogs - Predictable Random Number Generation via Block Hash
CVSS 7.5
CVE-2018-12454 HIGH
1000_guess - Predictable Random Number Generation in _addguess Function
CVSS 7.5
CVE-2017-16028 MEDIUM
react-native-meteor-oauth - Info Disclosure
CVSS 5.3
CVE-2017-18021 CRITICAL
qtpass < 1.2.1 - Use of Cryptographically Weak Pseudo-Random Number Generator in Password Generator
CVSS 9.8
CVE-2017-17845 HIGH
Enigmail < 1.9.9 - Use of Cryptographically Weak PRNG via Math.Random()
CVSS 7.3
CVE-2017-11671 MEDIUM
GCC 4.6-6.3 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVSS 4.0
CVE-2017-9230 HIGH
Bitcoin - Use of Cryptographically Weak Pseudo-Random Number Generator in Proof-of-Work Algorithm
CVSS 7.5
CVE-2017-8081 HIGH
GetSimple CMS 3.3.13 - Privilege Escalation and CSRF via Weak PRNG in Session Cookie
CVSS 8.8
CVE-2017-5493 HIGH
WordPress < 4.7 - Use of Cryptographically Weak PRNG in Multisite Signup Keys
CVSS 7.5
CVE-2015-9435 CRITICAL
WordPress oauth2-provider <3.1.5 - Info Disclosure
CVSS 9.8
CVE-2014-2362
OleumTech WIO DH2 - Info Disclosure
Details
Vulnerabilities 184
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits