Common Weakness Enumeration

CWE-331

Allowed

Insufficient Entropy

Abstraction: Base · Status: Draft

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

207 vulnerabilities reference this CWE, most recent first.

GHSA-MG4X-PRH7-G4MX

Vulnerability from github – Published: 2024-06-07 22:25 – Updated: 2024-06-07 22:25
VLAI
Summary
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability
Details

In Zend Framework, Zend_Captcha_Word (v1) and Zend\Captcha\Word (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "zendframework/zend-captcha"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.4.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "zendframework/zend-captcha"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-07T22:25:12Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "In Zend Framework, `Zend_Captcha_Word` (v1) and `Zend\\Captcha\\Word` (v2) generate a \"word\" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP\u0027s internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.",
  "id": "GHSA-mg4x-prh7-g4mx",
  "modified": "2024-06-07T22:25:12Z",
  "published": "2024-06-07T22:25:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/zendframework/zend-captcha/commit/43c276df6e94e498bf530538aea53876a24fc47c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zendframework/zend-captcha/commit/5561ef813bb4ad814e835343289dc5077d2eb262"
    },
    {
      "type": "WEB",
      "url": "https://framework.zend.com/security/advisory/ZF2015-09"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-captcha/ZF2015-09.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zendframework/zend-captcha"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability"
}

GHSA-MHVF-GHPW-C93C

Vulnerability from github – Published: 2026-02-09 18:30 – Updated: 2026-02-09 18:30
VLAI
Details

DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. 

This may allow an attacker to eventually extract secret keys through a DPA attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-09T18:16:05Z",
    "severity": "LOW"
  },
  "details": "DPA countermeasures in Silicon Labs\u0027 Series 2 devices are not reseeded under certain conditions.\u00a0\n\nThis may allow an attacker to eventually extract secret keys through a DPA attack.",
  "id": "GHSA-mhvf-ghpw-c93c",
  "modified": "2026-02-09T18:30:31Z",
  "published": "2026-02-09T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7432"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/068Vm00000b9fBW"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MP27-67W3-V3V9

Vulnerability from github – Published: 2023-07-03 21:30 – Updated: 2024-04-04 05:21
VLAI
Details

?The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36610"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-03T21:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\n?The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.\n\n",
  "id": "GHSA-mp27-67w3-v3v9",
  "modified": "2024-04-04T05:21:02Z",
  "published": "2023-07-03T21:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36610"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MX47-4MWG-XMMP

Vulnerability from github – Published: 2023-08-24 18:30 – Updated: 2024-04-04 07:10
VLAI
Details

An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.

We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-34973"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-24T17:15:08Z",
    "severity": "MODERATE"
  },
  "details": "An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\n",
  "id": "GHSA-mx47-4mwg-xmmp",
  "modified": "2024-04-04T07:10:43Z",
  "published": "2023-08-24T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34973"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-23-59"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P33M-2G5R-VX6V

Vulnerability from github – Published: 2023-03-23 18:30 – Updated: 2023-04-05 15:30
VLAI
Details

A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. This vulnerability is due to insufficient entropy in the DRBG for the affected hardware platforms when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20107"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-23T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. This vulnerability is due to insufficient entropy in the DRBG for the affected hardware platforms when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device.",
  "id": "GHSA-p33m-2g5r-vx6v",
  "modified": "2023-04-05T15:30:24Z",
  "published": "2023-03-23T18:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20107"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa5500x-entropy-6v9bHVYP"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P53G-V548-5W7V

Vulnerability from github – Published: 2025-03-17 15:31 – Updated: 2025-03-17 15:31
VLAI
Details

The DPA countermeasures on Silicon Labs' Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-9055"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-17T14:15:19Z",
    "severity": "MODERATE"
  },
  "details": "The DPA countermeasures on Silicon Labs\u0027 Series 2 devices are not reseeded periodically as they should be. This may allow an attacker to eventually extract secret keys through a DPA attack.",
  "id": "GHSA-p53g-v548-5w7v",
  "modified": "2025-03-17T15:31:48Z",
  "published": "2025-03-17T15:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9055"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/069Vm00000LJMlfIAH"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-P5JQ-5383-QVC7

Vulnerability from github – Published: 2025-09-09 09:31 – Updated: 2025-09-10 21:12
VLAI
Summary
TYPO3 CMS uses insufficient entropy when generating passwords
Details

A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.4.37"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "typo3/cms-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "13.0.0"
            },
            {
              "fixed": "13.4.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59015"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-09-09T20:10:43Z",
    "nvd_published_at": "2025-09-09T09:15:40Z",
    "severity": "MODERATE"
  },
  "details": "A deterministic three\u2011character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0\u201312.4.36 and 13.0.0\u201313.4.17 reduces entropy, allowing attackers to carry out brute\u2011force attacks more quickly.",
  "id": "GHSA-p5jq-5383-qvc7",
  "modified": "2025-09-10T21:12:06Z",
  "published": "2025-09-09T09:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59015"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TYPO3-CMS/core/commit/d2057cc7b2c2db417a2af38c30cb9da42302ab70"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/TYPO3-CMS/core"
    },
    {
      "type": "WEB",
      "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "TYPO3 CMS uses insufficient entropy when generating passwords"
}

GHSA-PF46-GQG9-J3V3

Vulnerability from github – Published: 2019-07-05 21:08 – Updated: 2021-08-17 16:06
VLAI
Summary
Insufficient Entropy in DotNetNuke
Details

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "DotNetNuke.Core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.2.0"
            },
            {
              "fixed": "9.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-15812"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-07-05T21:01:22Z",
    "nvd_published_at": "2019-07-03T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.",
  "id": "GHSA-pf46-gqg9-j3v3",
  "modified": "2021-08-17T16:06:33Z",
  "published": "2019-07-05T21:08:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15812"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dnnsoftware/Dnn.Platform/releases"
    },
    {
      "type": "WEB",
      "url": "https://www.dnnsoftware.com/community/security/security-center"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insufficient Entropy in DotNetNuke"
}

GHSA-PJM2-9JH6-VJW2

Vulnerability from github – Published: 2024-12-03 00:31 – Updated: 2024-12-18 21:30
VLAI
Details

In  RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-02T22:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In \u00a0RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java,\u00a0an incorrect implementation could cause weak RSA key pairs being generated.\u00a0This could lead to crypto vulnerability with no additional execution\u00a0privileges needed. User interaction is not needed for exploitation.\u00a0Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard.",
  "id": "GHSA-pjm2-9jh6-vjw2",
  "modified": "2024-12-18T21:30:52Z",
  "published": "2024-12-03T00:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9426"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/docs/security/bulletin/pixel/2018-07-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PJX8-984P-7P3X

Vulnerability from github – Published: 2024-05-15 21:42 – Updated: 2024-05-15 21:42
VLAI
Summary
FOSUserBundle Entropy is lost in the TokenGenerator
Details

Description

Because of the usage of base_convert which looses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically safe.

Resolution

The token generation logic used in the 2.0.x branch based on base64 encoding has been backported. This changes the range of characters used in the token. Any route placeholder expected to match a token generated by FOSUserBundle must be updated to allow dashes, which are not allowed by \w in regexes. A \w+ requirement should so become [\w-]+.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "friendsofsymfony/user-bundle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T21:42:25Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Description\nBecause of the usage of base_convert which looses precision for large inputs, the entropy of tokens generated by FOSUserBundle for the email confirmation and password resetting is lost. This makes these tokens much less random than they are expected to be, and so not cryptographically safe.\n\n### Resolution\nThe token generation logic used in the 2.0.x branch based on base64 encoding has been backported. This changes the range of characters used in the token. Any route placeholder expected to match a token generated by FOSUserBundle must be updated to allow dashes, which are not allowed by \\w in regexes. A \\w+ requirement should so become [\\w\\-]+.",
  "id": "GHSA-pjx8-984p-7p3x",
  "modified": "2024-05-15T21:42:25Z",
  "published": "2024-05-15T21:42:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfSymfony/FOSUserBundle/commit/b3ebfea52065e9727508f5f8e6c9f7459a1b06d8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/friendsofsymfony/user-bundle/2014-09-04-1.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FriendsOfSymfony/FOSUserBundle"
    },
    {
      "type": "WEB",
      "url": "https://symfony.com/blog/fosuserbundle-entropy-of-generated-tokens-is-lost"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "FOSUserBundle Entropy is lost in the TokenGenerator"
}

Mitigation
Implementation

Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.