CWE-335
AllowedIncorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Abstraction: Base · Status: Draft
The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.
53 vulnerabilities reference this CWE, most recent first.
GHSA-VJFH-J2FF-QXW8
Vulnerability from github – Published: 2022-10-14 12:00 – Updated: 2025-05-16 15:30D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.
{
"affected": [],
"aliases": [
"CVE-2022-42159"
],
"database_specific": {
"cwe_ids": [
"CWE-335",
"CWE-338"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-13T19:15:00Z",
"severity": "MODERATE"
},
"details": "D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.",
"id": "GHSA-vjfh-j2ff-qxw8",
"modified": "2025-05-16T15:30:30Z",
"published": "2022-10-14T12:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42159"
},
{
"type": "WEB",
"url": "https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf"
},
{
"type": "WEB",
"url": "https://www.dlink.com/en/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X5R5-Q987-6XF6
Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
{
"affected": [],
"aliases": [
"CVE-2018-1426"
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-22T12:29:00Z",
"severity": "CRITICAL"
},
"details": "IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.",
"id": "GHSA-x5r5-q987-6xf6",
"modified": "2022-05-13T01:19:07Z",
"published": "2022-05-13T01:19:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1426"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/139071"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22013756"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105580"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041012"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X62R-6WV3-49PM
Vulnerability from github – Published: 2024-02-02 00:31 – Updated: 2024-02-09 21:30Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.
{
"affected": [],
"aliases": [
"CVE-2023-4472"
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-01T22:15:55Z",
"severity": "CRITICAL"
},
"details": "Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.",
"id": "GHSA-x62r-6wv3-49pm",
"modified": "2024-02-09T21:30:57Z",
"published": "2024-02-02T00:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4472"
},
{
"type": "WEB",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0002.md"
},
{
"type": "WEB",
"url": "https://www.objectplanet.com/opinio/changelog.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.