CWE-331
AllowedInsufficient Entropy
Abstraction: Base · Status: Draft
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
207 vulnerabilities reference this CWE, most recent first.
GHSA-MG4X-PRH7-G4MX
Vulnerability from github – Published: 2024-06-07 22:25 – Updated: 2024-06-07 22:25In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "zendframework/zend-captcha"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.4.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "zendframework/zend-captcha"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-07T22:25:12Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "In Zend Framework, `Zend_Captcha_Word` (v1) and `Zend\\Captcha\\Word` (v2) generate a \"word\" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP\u0027s internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.",
"id": "GHSA-mg4x-prh7-g4mx",
"modified": "2024-06-07T22:25:12Z",
"published": "2024-06-07T22:25:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/zendframework/zend-captcha/commit/43c276df6e94e498bf530538aea53876a24fc47c"
},
{
"type": "WEB",
"url": "https://github.com/zendframework/zend-captcha/commit/5561ef813bb4ad814e835343289dc5077d2eb262"
},
{
"type": "WEB",
"url": "https://framework.zend.com/security/advisory/ZF2015-09"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-captcha/ZF2015-09.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/zendframework/zend-captcha"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability"
}
GHSA-MHVF-GHPW-C93C
Vulnerability from github – Published: 2026-02-09 18:30 – Updated: 2026-02-09 18:30DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions.
This may allow an attacker to eventually extract secret keys through a DPA attack.
{
"affected": [],
"aliases": [
"CVE-2025-7432"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-09T18:16:05Z",
"severity": "LOW"
},
"details": "DPA countermeasures in Silicon Labs\u0027 Series 2 devices are not reseeded under certain conditions.\u00a0\n\nThis may allow an attacker to eventually extract secret keys through a DPA attack.",
"id": "GHSA-mhvf-ghpw-c93c",
"modified": "2026-02-09T18:30:31Z",
"published": "2026-02-09T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7432"
},
{
"type": "WEB",
"url": "https://community.silabs.com/068Vm00000b9fBW"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MP27-67W3-V3V9
Vulnerability from github – Published: 2023-07-03 21:30 – Updated: 2024-04-04 05:21?The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.
{
"affected": [],
"aliases": [
"CVE-2023-36610"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-03T21:15:09Z",
"severity": "MODERATE"
},
"details": "\n?The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.\n\n",
"id": "GHSA-mp27-67w3-v3v9",
"modified": "2024-04-04T05:21:02Z",
"published": "2023-07-03T21:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36610"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MX47-4MWG-XMMP
Vulnerability from github – Published: 2023-08-24 18:30 – Updated: 2024-04-04 07:10An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.
We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later
{
"affected": [],
"aliases": [
"CVE-2023-34973"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-24T17:15:08Z",
"severity": "MODERATE"
},
"details": "An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\n",
"id": "GHSA-mx47-4mwg-xmmp",
"modified": "2024-04-04T07:10:43Z",
"published": "2023-08-24T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34973"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-23-59"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P33M-2G5R-VX6V
Vulnerability from github – Published: 2023-03-23 18:30 – Updated: 2023-04-05 15:30A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. This vulnerability is due to insufficient entropy in the DRBG for the affected hardware platforms when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.
{
"affected": [],
"aliases": [
"CVE-2023-20107"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-23T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. This vulnerability is due to insufficient entropy in the DRBG for the affected hardware platforms when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.",
"id": "GHSA-p33m-2g5r-vx6v",
"modified": "2023-04-05T15:30:24Z",
"published": "2023-03-23T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20107"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa5500x-entropy-6v9bHVYP"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P53G-V548-5W7V
Vulnerability from github – Published: 2025-03-17 15:31 – Updated: 2025-03-17 15:31The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack.
{
"affected": [],
"aliases": [
"CVE-2024-9055"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-17T14:15:19Z",
"severity": "MODERATE"
},
"details": "The DPA countermeasures on Silicon Labs\u0027 Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack.",
"id": "GHSA-p53g-v548-5w7v",
"modified": "2025-03-17T15:31:48Z",
"published": "2025-03-17T15:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9055"
},
{
"type": "WEB",
"url": "https://community.silabs.com/069Vm00000LJMlfIAH"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P5JQ-5383-QVC7
Vulnerability from github – Published: 2025-09-09 09:31 – Updated: 2025-09-10 21:12A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "12.0.0"
},
{
"fixed": "12.4.37"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms-core"
},
"ranges": [
{
"events": [
{
"introduced": "13.0.0"
},
{
"fixed": "13.4.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59015"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-09T20:10:43Z",
"nvd_published_at": "2025-09-09T09:15:40Z",
"severity": "MODERATE"
},
"details": "A deterministic three\u2011character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0\u201312.4.36 and 13.0.0\u201313.4.17 reduces entropy, allowing attackers to carry out brute\u2011force attacks more quickly.",
"id": "GHSA-p5jq-5383-qvc7",
"modified": "2025-09-10T21:12:06Z",
"published": "2025-09-09T09:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59015"
},
{
"type": "WEB",
"url": "https://github.com/TYPO3-CMS/core/commit/d2057cc7b2c2db417a2af38c30cb9da42302ab70"
},
{
"type": "PACKAGE",
"url": "https://github.com/TYPO3-CMS/core"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-019"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "TYPO3 CMS uses insufficient entropy when generating passwords"
}
GHSA-PF46-GQG9-J3V3
Vulnerability from github – Published: 2019-07-05 21:08 – Updated: 2021-08-17 16:06DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "DotNetNuke.Core"
},
"ranges": [
{
"events": [
{
"introduced": "9.2.0"
},
{
"fixed": "9.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-15812"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": true,
"github_reviewed_at": "2019-07-05T21:01:22Z",
"nvd_published_at": "2019-07-03T17:15:00Z",
"severity": "HIGH"
},
"details": "DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.",
"id": "GHSA-pf46-gqg9-j3v3",
"modified": "2021-08-17T16:06:33Z",
"published": "2019-07-05T21:08:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15812"
},
{
"type": "WEB",
"url": "https://github.com/dnnsoftware/Dnn.Platform/releases"
},
{
"type": "WEB",
"url": "https://www.dnnsoftware.com/community/security/security-center"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Insufficient Entropy in DotNetNuke"
}
GHSA-PJM2-9JH6-VJW2
Vulnerability from github – Published: 2024-12-03 00:31 – Updated: 2024-12-18 21:30In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard.
{
"affected": [],
"aliases": [
"CVE-2018-9426"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-02T22:15:08Z",
"severity": "MODERATE"
},
"details": "In \u00a0RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java,\u00a0an incorrect implementation could cause weak RSA key pairs being generated.\u00a0This could lead to crypto vulnerability with no additional execution\u00a0privileges needed. User interaction is not needed for exploitation.\u00a0Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard.",
"id": "GHSA-pjm2-9jh6-vjw2",
"modified": "2024-12-18T21:30:52Z",
"published": "2024-12-03T00:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9426"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PJX8-984P-7P3X
Vulnerability from github – Published: 2024-05-15 21:42 – Updated: 2024-05-15 21:42Description
Because of the usage of base_convert which looses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically safe.
Resolution
The token generation logic used in the 2.0.x branch based on base64 encoding has been backported. This changes the range of characters used in the token. Any route placeholder expected to match a token generated by FOSUserBundle must be updated to allow dashes, which are not allowed by \w in regexes. A \w+ requirement should so become [\w-]+.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "friendsofsymfony/user-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.3.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-15T21:42:25Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Description\nBecause of the usage of base_convert which looses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically safe.\n\n### Resolution\nThe token generation logic used in the 2.0.x branch based on base64 encoding has been backported. This changes the range of characters used in the token. Any route placeholder expected to match a token generated by FOSUserBundle must be updated to allow dashes, which are not allowed by \\w in regexes. A \\w+ requirement should so become [\\w\\-]+.",
"id": "GHSA-pjx8-984p-7p3x",
"modified": "2024-05-15T21:42:25Z",
"published": "2024-05-15T21:42:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/FriendsOfSymfony/FOSUserBundle/commit/b3ebfea52065e9727508f5f8e6c9f7459a1b06d8"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/user-bundle/2014-09-04-1.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/FriendsOfSymfony/FOSUserBundle"
},
{
"type": "WEB",
"url": "https://symfony.com/blog/fosuserbundle-entropy-of-generated-tokens-is-lost"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "FOSUserBundle Entropy is lost in the TokenGenerator"
}
Mitigation
Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.