CWE-330: Use of Insufficiently Random Values
Official CWE-330 CWE context with Glexia analysis, remediation guidance, related CVEs, and ATT&CK context.
Glexia's Take
CWE-330: Use of Insufficiently Random Values
Use of Insufficiently Random Values represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Executive Impact
- Confidentiality, Other: Other: When a protection mechanism relies on random values to restrict access to a sensitive resource, such as a session ID or a seed for generating a cryptographic key, then the resource being protected could be accessed by guessing the ID or key.
- Access Control, Other: Bypass Protection Mechanism, Other: If the product relies on unique, unguessable IDs to identify a resource, an attacker might be able to guess an ID for a resource that is owned by another user. The attacker could then read the resource, or pre-create a resource with the same ID to prevent the legitimate program from properly sending the resource to the intended user. For example, a product might maintain session information in a file whose name is based on a username. An attacker could pre-create this file for a victim user, then set the permissions so that the application cannot generate the session for the victim, preventing the victim from using the application.
- Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity: When an authorization or authentication mechanism relies on random values to restrict access to restricted functionality, such as a session ID or a seed for generating a cryptographic key, then an attacker may access the restricted functionality by guessing the ID or key.
Developer Pattern
CWE-330 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.
Confidence
High confidence from CWE-330, 4.20.
Official CWE Definition
CWE-330: Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
Developer And Remediation Guidance
How teams prevent and detect this weakness
Causes
- This code attempts to generate a unique random identifier for a user's session. Because the seed for the PRNG is always the user's ID, the session ID will always be the same. An attacker could thus predict any user's session ID and potentially hijack the session. This example also exhibits a Small Seed Space (CWE-339).
- The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase. This code uses the Random.nextInt() function to generate "unique" identifiers for the receipt pages it generates. Because Random.nextInt() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG.
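The seeding flaw in the first cause above, shown beside a hardened form, as an added example that is not code from CWE or Glexia. It is written in Python, and the function names, the 128-bit ID size and the sample user IDs are assumptions made for illustration.

```python
import random
import secrets

SESSION_ID_BYTES = 16  # 128 bits; size assumed for this example


def weak_session_id(user_id: int) -> str:
    """Before: statistical PRNG seeded with the user's ID (the flawed pattern)."""
    prng = random.Random(user_id)  # seed is known and never changes
    return f"{prng.getrandbits(SESSION_ID_BYTES * 8):032x}"


def strong_session_id(user_id: int) -> str:
    """After: ID drawn from the OS CSPRNG; user_id has no influence on it."""
    return secrets.token_hex(SESSION_ID_BYTES)


def is_reproducible(generator, user_id: int, rounds: int = 5) -> bool:
    """Regression check: True if the generator repeats an ID for one user."""
    seen = {generator(user_id) for _ in range(rounds)}
    return len(seen) < rounds


def audit(generators, user_ids):
    """Return {generator name: [user IDs whose session ID was repeatable]}."""
    report = {}
    for gen in generators:
        report[gen.__name__] = [u for u in user_ids if is_reproducible(gen, u)]
    return report


if __name__ == "__main__":
    sample_users = [1001, 1002, 1003]  # constructed sample user IDs
    results = audit([weak_session_id, strong_session_id], sample_users)
    for name, flagged in results.items():
        print(f"{name}: repeatable for {flagged or 'none'}")
```

The `is_reproducible` check can run as a unit test against any ID or token generator so that a seeded or statistical PRNG is caught before release.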
Remediation
- Implementation: Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
- Architecture and Design, Requirements: Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
Detection
- Black Box
- Automated Static Analysis - Binary or Bytecode
- Manual Static Analysis - Binary or Bytecode
- Dynamic Analysis with Manual Results Interpretation
- Manual Static Analysis - Source Code
- Automated Static Analysis - Source Code
- Architecture or Design Review
Mappings
Related CVEs, CWEs, and ATT&CK context
Related CWEs
- CWE-1204: Generation of Weak Initialization Vector (IV)
- CWE-1241: Use of Predictable Algorithm in Random Number Generator
- CWE-693: Protection Mechanism Failure
- CWE-804: Guessable CAPTCHA
- CWE-331: Insufficient Entropy
- CWE-334: Small Space of Random Values
- CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
- CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
- CWE-340: Generation of Predictable Numbers or Identifiers
ATT&CK Relevance
ATT&CK relevance is shown only when reviewed or responsibly inferred.