Common Weakness Enumeration

CWE-338

Allowed

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Abstraction: Base · Status: Draft

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

293 vulnerabilities reference this CWE, most recent first.

GHSA-98R5-R223-6XWF

Vulnerability from github – Published: 2026-03-05 03:31 – Updated: 2026-03-05 21:30
VLAI
Details

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.

Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.

Data::Rand::Obscure uses Perl's built-in rand() function, which is not suitable for cryptographic functions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57854"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-05T03:15:53Z",
    "severity": "CRITICAL"
  },
  "details": "Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator.\n\nVersion v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors.\n\nData::Rand::Obscure uses Perl\u0027s built-in rand() function, which is not suitable for cryptographic functions.",
  "id": "GHSA-98r5-r223-6xwf",
  "modified": "2026-03-05T21:30:38Z",
  "published": "2026-03-05T03:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57854"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/DOUGDUDE/Net-NSCA-Client-0.009002/source/lib/Net/NSCA/Client/InitialPacket.pm#L119"
    },
    {
      "type": "WEB",
      "url": "https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/05/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-99F2-VHMM-9FW8

Vulnerability from github – Published: 2025-01-02 06:30 – Updated: 2025-04-08 09:31
VLAI
Details

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56830"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-02T05:15:07Z",
    "severity": "MODERATE"
  },
  "details": "The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl\u0027s builtin rand() if no strong randomization module is present.",
  "id": "GHSA-99f2-vhmm-9fw8",
  "modified": "2025-04-08T09:31:09Z",
  "published": "2025-01-02T06:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56830"
    },
    {
      "type": "WEB",
      "url": "https://github.com/briandfoy/cpan-security-advisory/issues/184"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/MNAGUIB/EasyTCP-0.26/changes"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9FP2-68JW-464M

Vulnerability from github – Published: 2022-04-12 00:00 – Updated: 2022-04-16 00:01
VLAI
Details

The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-11T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.",
  "id": "GHSA-9fp2-68jw-464m",
  "modified": "2022-04-16T00:01:10Z",
  "published": "2022-04-12T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0828"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/7f0742ad-6fd7-4258-9e44-d42e138789bb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9GWW-CR64-679C

Vulnerability from github – Published: 2026-02-17 00:30 – Updated: 2026-02-17 15:31
VLAI
Details

Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,

  • There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.
  • The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.
  • UUIDs are identifiers whose mere possession grants access, as per RFC 9562.
  • The output of the built-in rand() function is predictable and unsuitable for security applications.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2439"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-16T22:22:41Z",
    "severity": "CRITICAL"
  },
  "details": "Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl\u0027s built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,\n\n  *  There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.\n  *  The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.\n  *  UUIDs are identifiers whose mere possession grants access, as per RFC 9562.\n  *  The output of the built-in rand() function is predictable and unsuitable for security applications.",
  "id": "GHSA-9gww-cr64-679c",
  "modified": "2026-02-17T15:31:35Z",
  "published": "2026-02-17T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2439"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bwva/Concierge-Sessions/commit/20bb28e92e8fba307c4ff8264701c215be65e73b"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/BVA/Concierge-Sessions-v0.8.4/diff/BVA/Concierge-Sessions-v0.8.5#lib/Concierge/Sessions/Base.pm"
    },
    {
      "type": "WEB",
      "url": "https://perldoc.perl.org/5.42.0/functions/rand"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    },
    {
      "type": "WEB",
      "url": "https://www.rfc-editor.org/rfc/rfc9562.html#name-security-considerations"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9Q2F-7HM7-62H6

Vulnerability from github – Published: 2022-09-19 00:00 – Updated: 2022-09-22 00:00
VLAI
Details

profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40769"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-18T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.",
  "id": "GHSA-9q2f-7hm7-62h6",
  "modified": "2022-09-22T00:00:30Z",
  "published": "2022-09-19T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40769"
    },
    {
      "type": "WEB",
      "url": "https://github.com/johguse/profanity/issues/61"
    },
    {
      "type": "WEB",
      "url": "https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/johguse/profanity"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9QFG-3VC9-GP3W

Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34
VLAI
Details

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-28642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-16T02:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.",
  "id": "GHSA-9qfg-3vc9-gp3w",
  "modified": "2022-05-24T17:34:20Z",
  "published": "2022-05-24T17:34:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28642"
    },
    {
      "type": "WEB",
      "url": "https://www.whitehack.de/advisories/HWADV2020-001.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-9QGP-G97V-QQ69

Vulnerability from github – Published: 2022-05-14 03:32 – Updated: 2022-05-14 03:32
VLAI
Details

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-11671"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-26T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.",
  "id": "GHSA-9qgp-g97v-qq69",
  "modified": "2022-05-14T03:32:25Z",
  "published": "2022-05-14T03:32:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11671"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0849"
    },
    {
      "type": "WEB",
      "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180"
    },
    {
      "type": "WEB",
      "url": "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2017/07/27/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9X23-XCRX-FQ3Q

Vulnerability from github – Published: 2025-03-26 12:30 – Updated: 2025-03-26 21:31
VLAI
Details

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.

This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.

This issue affects DBIx::Class::EncodedColumn until 0.00032.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27552"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-26T11:15:39Z",
    "severity": "MODERATE"
  },
  "details": "DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.\n\nThis vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm.\n\nThis issue affects DBIx::Class::EncodedColumn until 0.00032.",
  "id": "GHSA-9x23-xcrx-fq3q",
  "modified": "2025-03-26T21:31:06Z",
  "published": "2025-03-26T12:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27552"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C4R2-3F9R-RWP8

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2023-09-26 18:05
VLAI
Summary
Magento 2 Community Weak PRNG
Details

Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "magento/community-edition"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2-p1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-8113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-18T20:05:29Z",
    "nvd_published_at": "2019-11-05T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.",
  "id": "GHSA-c4r2-3f9r-rwp8",
  "modified": "2023-09-26T18:05:26Z",
  "published": "2022-05-24T17:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8113"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-8113.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/magento/magento2"
    },
    {
      "type": "WEB",
      "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20220121051105/https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Magento 2 Community Weak PRNG"
}

GHSA-CC4W-4629-8RC3

Vulnerability from github – Published: 2025-04-02 15:31 – Updated: 2025-04-03 21:32
VLAI
Details

Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1805"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-02T13:15:40Z",
    "severity": "MODERATE"
  },
  "details": "Crypt::Salt for Perl version 0.01 uses insecure rand() function when generating salts for cryptographic purposes.",
  "id": "GHSA-cc4w-4629-8rc3",
  "modified": "2025-04-03T21:32:57Z",
  "published": "2025-04-02T15:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1805"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/HACHI/Crypt-Salt-0.01/source/lib/Crypt/Salt.pm#L76"
    },
    {
      "type": "WEB",
      "url": "https://perldoc.perl.org/functions/rand"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

No CAPEC attack patterns related to this CWE.