CWE-330
DiscouragedUse of Insufficiently Random Values
Abstraction: Class · Status: Stable
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
446 vulnerabilities reference this CWE, most recent first.
GHSA-6HFM-9HRF-689C
Vulnerability from github – Published: 2022-08-03 00:00 – Updated: 2022-08-11 00:00In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.
{
"affected": [],
"aliases": [
"CVE-2022-29808"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-02T22:15:00Z",
"severity": "HIGH"
},
"details": "In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.",
"id": "GHSA-6hfm-9hrf-689c",
"modified": "2022-08-11T00:00:38Z",
"published": "2022-08-03T00:00:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29808"
},
{
"type": "WEB",
"url": "https://support.quest.com/kace-systems-management-appliance/kb/338163/quest-response-to-kace-sma-vulnerabilities-cve-2022-29808"
},
{
"type": "WEB",
"url": "https://support.quest.com/kb/338163"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6M3X-96C5-H568
Vulnerability from github – Published: 2022-05-02 00:01 – Updated: 2024-02-14 18:30The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.
{
"affected": [],
"aliases": [
"CVE-2008-3612"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-09-11T01:13:00Z",
"severity": "HIGH"
},
"details": "The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.",
"id": "GHSA-6m3x-96c5-h568",
"modified": "2024-02-14T18:30:23Z",
"published": "2022-05-02T00:01:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3612"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31823"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31900"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3026"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3129"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/31092"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1020848"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/2558"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6PMV-7PR9-CGRJ
Vulnerability from github – Published: 2020-04-15 21:09 – Updated: 2021-08-23 15:17A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-1731"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-341"
],
"github_reviewed": true,
"github_reviewed_at": "2020-04-15T20:59:00Z",
"nvd_published_at": "2020-03-02T17:15:00Z",
"severity": "CRITICAL"
},
"details": "A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.",
"id": "GHSA-6pmv-7pr9-cgrj",
"modified": "2021-08-23T15:17:35Z",
"published": "2020-04-15T21:09:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1731"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1731"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Predictable password in Keycloak"
}
GHSA-6R5Q-PFQQ-GH34
Vulnerability from github – Published: 2022-05-01 23:27 – Updated: 2024-02-14 18:30The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
{
"affected": [],
"aliases": [
"CVE-2008-0087"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-04-08T23:05:00Z",
"severity": "HIGH"
},
"details": "The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.",
"id": "GHSA-6r5q-pfqq-gh34",
"modified": "2024-02-14T18:30:23Z",
"published": "2022-05-01T23:27:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0087"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-020"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5314"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=120845064910729\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/29696"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/490575/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/28553"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1019802"
},
{
"type": "WEB",
"url": "http://www.trusteer.com/docs/windowsresolver.html"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-099A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/1144/references"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6RJR-WMHF-5X38
Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-17 00:01On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
{
"affected": [],
"aliases": [
"CVE-2022-26071"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-05T17:15:00Z",
"severity": "HIGH"
},
"details": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
"id": "GHSA-6rjr-wmhf-5x38",
"modified": "2022-05-17T00:01:51Z",
"published": "2022-05-06T00:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26071"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K41440465"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6W4F-6FR3-4C72
Vulnerability from github – Published: 2023-06-12 21:30 – Updated: 2024-04-04 04:44Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user’s session.
{
"affected": [],
"aliases": [
"CVE-2023-1898"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-334"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-12T20:15:11Z",
"severity": "HIGH"
},
"details": "Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. An attacker could enter a session ID number to retrieve data for an active user\u2019s session.",
"id": "GHSA-6w4f-6fr3-4c72",
"modified": "2024-04-04T04:44:17Z",
"published": "2023-06-12T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1898"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-159-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6X93-H9G3-9PHR
Vulnerability from github – Published: 2022-07-26 00:01 – Updated: 2022-08-06 09:35The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "otp-generator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23451"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-06T09:35:03Z",
"nvd_published_at": "2022-07-25T14:15:00Z",
"severity": "CRITICAL"
},
"details": "The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack.",
"id": "GHSA-6x93-h9g3-9phr",
"modified": "2022-08-06T09:35:03Z",
"published": "2022-07-26T00:01:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23451"
},
{
"type": "WEB",
"url": "https://github.com/Maheshkumar-Kakade/otp-generator/issues/12"
},
{
"type": "WEB",
"url": "https://github.com/Maheshkumar-Kakade/otp-generator/commit/b27de1ce439ae7f533cec26677e9698671275b70"
},
{
"type": "PACKAGE",
"url": "https://github.com/Maheshkumar-Kakade/otp-generator"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-OTPGENERATOR-1655480"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "otp-generator before v3.0.0 insecurely generates random one-time passwords"
}
GHSA-6XPG-GW5J-9X8W
Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 00:26gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
{
"affected": [],
"aliases": [
"CVE-2019-11690"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-03T13:29:00Z",
"severity": "MODERATE"
},
"details": "gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.",
"id": "GHSA-6xpg-gw5j-9x8w",
"modified": "2024-04-04T00:26:37Z",
"published": "2022-05-24T16:45:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11690"
},
{
"type": "WEB",
"url": "https://patchwork.ozlabs.org/patch/1092945"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-72P8-V4HG-V45P
Vulnerability from github – Published: 2022-06-01 19:50 – Updated: 2022-06-15 18:57During an X25519 key exchange, the client’s private is generated with System.Random:
var rnd = new Random();
_privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes];
rnd.NextBytes(_privateKey);
Source: KeyExchangeECCurve25519.cs
Source commit: https://github.com/sshnet/SSH.NET/commit/b58a11c0da55da1f5bad46faad2e9b71b7cb35b3
System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes.
Impact
When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be bruteforced. This allows an attacker able to eavesdrop the communications to decrypt them.
Workarounds
To ensure you're not affected by this vulnerability, you can disable support for curve25519-sha256 and curve25519-sha256@libssh.org key exchange algorithms by invoking the following method before a connection is established:
private static void RemoveUnsecureKEX(BaseClient client)
{
client.ConnectionInfo.KeyExchangeAlgorithms.Remove("curve25519-sha256");
client.ConnectionInfo.KeyExchangeAlgorithms.Remove("curve25519-sha256@libssh.org");
}
Thanks
This issue was initially reported by Siemens AG, Digital Industries, shortly followed by @yaumn-synacktiv.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "SSH.NET"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2020.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29245"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-338"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-01T19:50:15Z",
"nvd_published_at": "2022-05-31T17:15:00Z",
"severity": "MODERATE"
},
"details": "During an **X25519** key exchange, the client\u2019s private is generated with [**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.random):\n\n```cs\nvar rnd = new Random();\n_privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes];\nrnd.NextBytes(_privateKey);\n```\n\nSource: [KeyExchangeECCurve25519.cs](https://github.com/sshnet/SSH.NET/blob/bc99ada7da3f05f50d9379f2644941d91d5bf05a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs#L51) \nSource commit: https://github.com/sshnet/SSH.NET/commit/b58a11c0da55da1f5bad46faad2e9b71b7cb35b3\n\n[**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.random) is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes.\n\n### Impact\nWhen establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with\na weak random number generator whose seed can be bruteforced. This allows an attacker able to eavesdrop the\ncommunications to decrypt them.\n\n### Workarounds\nTo ensure you\u0027re not affected by this vulnerability, you can disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms by invoking the following method before a connection is established:\n```cs\nprivate static void RemoveUnsecureKEX(BaseClient client)\n{\n client.ConnectionInfo.KeyExchangeAlgorithms.Remove(\"curve25519-sha256\");\n client.ConnectionInfo.KeyExchangeAlgorithms.Remove(\"curve25519-sha256@libssh.org\");\n}\n```\n\n### Thanks\n\nThis issue was initially reported by **Siemens AG, Digital Industries**, shortly followed by @yaumn-synacktiv.",
"id": "GHSA-72p8-v4hg-v45p",
"modified": "2022-06-15T18:57:58Z",
"published": "2022-06-01T19:50:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sshnet/SSH.NET/security/advisories/GHSA-72p8-v4hg-v45p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29245"
},
{
"type": "WEB",
"url": "https://github.com/sshnet/SSH.NET/commit/03c6d60736b8f7b42e44d6989a53f9b644a091fb"
},
{
"type": "WEB",
"url": "https://github.com/sshnet/SSH.NET/commit/f1f273cf349532b9d41c1de51d3b83a9accedc88"
},
{
"type": "PACKAGE",
"url": "https://github.com/sshnet/SSH.NET"
},
{
"type": "WEB",
"url": "https://github.com/sshnet/SSH.NET/blob/bc99ada7da3f05f50d9379f2644941d91d5bf05a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs#L51"
},
{
"type": "WEB",
"url": "https://github.com/sshnet/SSH.NET/releases/tag/2020.0.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Weak private key generation in SSH.NET"
}
GHSA-74RF-2VG8-WH2P
Vulnerability from github – Published: 2024-07-01 15:32 – Updated: 2024-07-01 15:32Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.
{
"affected": [],
"aliases": [
"CVE-2024-21460"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T15:15:14Z",
"severity": "HIGH"
},
"details": "Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space.",
"id": "GHSA-74rf-2vg8-wh2p",
"modified": "2024-07-01T15:32:42Z",
"published": "2024-07-01T15:32:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21460"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation MIT-2
Strategy: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.