Common Weakness Enumeration

CWE-338

Allowed

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Abstraction: Base · Status: Draft

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

293 vulnerabilities reference this CWE, most recent first.

GHSA-H3G4-WMRW-RM63

Vulnerability from github – Published: 2026-06-16 00:34 – Updated: 2026-06-16 18:32
VLAI
Details

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.

The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11832"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T22:16:15Z",
    "severity": "CRITICAL"
  },
  "details": "Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.\n\nThe default nonce was generated using an MD5 hash of the epoch time, which is predictable.",
  "id": "GHSA-h3g4-wmrw-rm63",
  "modified": "2026-06-16T18:32:33Z",
  "published": "2026-06-16T00:34:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11832"
    },
    {
      "type": "WEB",
      "url": "https://datatracker.ietf.org/doc/html/rfc5849#section-3.3"
    },
    {
      "type": "WEB",
      "url": "https://datatracker.ietf.org/doc/html/rfc5849#section-4.9"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/BIAFRA/Dancer2-Plugin-Auth-OAuth-0.22/changes"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22376"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H4GQ-Q399-XM7R

Vulnerability from github – Published: 2022-05-14 02:20 – Updated: 2022-05-14 02:20
VLAI
Details

The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-07T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards.",
  "id": "GHSA-h4gq-q399-xm7r",
  "modified": "2022-05-14T02:20:31Z",
  "published": "2022-05-14T02:20:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12885"
    },
    {
      "type": "WEB",
      "url": "https://etherscan.io/address/0x689FB61845488297dfE7586E5f7956475955d2Dc"
    },
    {
      "type": "WEB",
      "url": "https://etherscan.io/address/0xa44e464b13280340904ffef0a65b8a0033460430"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/coinmonks/get-legendary-items-by-breaking-pnrg-of-mycyptochamp-an-ethereum-online-game-cve-2018-12855-6e6beb41b8df"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HCM7-VVXH-5CRX

Vulnerability from github – Published: 2024-02-08 21:30 – Updated: 2024-02-15 18:30
VLAI
Details

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23660"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-08T20:15:52Z",
    "severity": "HIGH"
  },
  "details": "The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.",
  "id": "GHSA-hcm7-vvxh-5crx",
  "modified": "2024-02-15T18:30:40Z",
  "published": "2024-02-08T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23660"
    },
    {
      "type": "WEB",
      "url": "https://milksad.info/posts/research-update-5"
    },
    {
      "type": "WEB",
      "url": "https://secbit.io/blog/en/2024/01/19/trust-wallets-fomo3d-summer-vuln"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX58-X97G-CC9P

Vulnerability from github – Published: 2022-05-14 03:18 – Updated: 2022-05-14 03:18
VLAI
Details

** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9230"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-24T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability.",
  "id": "GHSA-hx58-x97g-cc9p",
  "modified": "2022-05-14T03:18:09Z",
  "published": "2022-05-14T03:18:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9230"
    },
    {
      "type": "WEB",
      "url": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf"
    },
    {
      "type": "WEB",
      "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98657"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HX6M-XFX3-6P5X

Vulnerability from github – Published: 2025-04-07 15:31 – Updated: 2025-04-07 21:32
VLAI
Details

Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test programs". Data::Random uses the rand() function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-58036"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331",
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-05T16:15:33Z",
    "severity": "MODERATE"
  },
  "details": "Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nSpecifically Net::Dropbox::API uses the Data::Random library which specifically states that it is \"Useful mostly for test programs\". Data::Random uses the rand() function.",
  "id": "GHSA-hx6m-xfx3-6p5x",
  "modified": "2025-04-07T21:32:07Z",
  "published": "2025-04-07T15:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58036"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/BAREFOOT/Data-Random-0.13/source/lib/Data/Random.pm#L537"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L11"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/NORBU/Net-Dropbox-API-1.9/source/lib/Net/Dropbox/API.pm#L385"
    },
    {
      "type": "WEB",
      "url": "https://perldoc.perl.org/functions/rand"
    },
    {
      "type": "WEB",
      "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HXP2-C3HQ-RCQ5

Vulnerability from github – Published: 2024-05-23 09:30 – Updated: 2024-05-23 09:30
VLAI
Details

Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5264"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-23T09:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis",
  "id": "GHSA-hxp2-c3hq-rcq5",
  "modified": "2024-05-23T09:30:29Z",
  "published": "2024-05-23T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5264"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.thalesgroup.com/csm?id=kb_article_view\u0026sys_kb_id=50da3cd9c302c218204e2a6ce00131b9\u0026sysparm_article=KB0028531"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J37G-G7HG-VHG6

Vulnerability from github – Published: 2026-07-01 06:31 – Updated: 2026-07-09 06:31
VLAI
Details

UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes() function seeds libc rand() with time(0) + getpid() + rand() and generates a 16-byte challenge. The combined seed space is approximately 31 bits (libc rand() internal state) and is entirely determined by publicly-observable values (wall-clock time and process ID). An attacker who can observe the authentication exchange can enumerate the seed space and predict the challenge within seconds, enabling forgery or offline brute-forcing of responses. Note: on Windows, the active code path may use vncEncryptBytes2.cpp which calls CryptGenRandom; reachability on shipped Windows binaries requires compile-graph verification and is under investigation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-44040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-01T05:16:20Z",
    "severity": "MODERATE"
  },
  "details": "UltraVNC through 1.8.2.2 uses a cryptographically weak pseudo-random number generator to produce VNC authentication challenge bytes. In rfb/vncauth.c:119-129, the vncRandomBytes() function seeds libc rand() with time(0) + getpid() + rand() and generates a 16-byte challenge. The combined seed space is approximately 31 bits (libc rand() internal state) and is entirely determined by publicly-observable values (wall-clock time and process ID). An attacker who can observe the authentication exchange can enumerate the seed space and predict the challenge within seconds, enabling forgery or offline brute-forcing of responses. Note: on Windows, the active code path may use vncEncryptBytes2.cpp which calls CryptGenRandom; reachability on shipped Windows binaries requires compile-graph verification and is under investigation.",
  "id": "GHSA-j37g-g7hg-vhg6",
  "modified": "2026-07-09T06:31:59Z",
  "published": "2026-07-01T06:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44040"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ultravnc/UltraVNC"
    },
    {
      "type": "WEB",
      "url": "https://uvnc.com"
    },
    {
      "type": "WEB",
      "url": "https://www.securin.io/zero-days/cve-2026-44040-libc-rand-weak-rng-vnc-auth-challenge-ultravnc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J3RH-8VWQ-WH84

Vulnerability from github – Published: 2020-06-26 16:48 – Updated: 2023-01-20 18:53
VLAI
Summary
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Details

JHipster Kotlin is using an insecure source of randomness to generate all of its random values. JHipster Kotlin relies upon apache commons lang3 RandomStringUtils.

From the documentation:

Caveat: Instances of Random, upon which the implementation of this class relies, are not cryptographically secure. - https://commons.apache.org/proper/commons-lang/javadocs/api-3.9/org/apache/commons/lang3/RandomStringUtils.html

Here are the examples of JHipster Kotlin's use of an insecure PRNG:

https://github.com/jhipster/jhipster-kotlin/blob/193ae8f13c0be686f9687e78bacfedb144c47d8c/generators/server/templates/src/main/kotlin/package/service/util/RandomUtil.kt.ejs#L32

Proof Of Concepts Already Exist

There has been a POC of taking one RNG value generated RandomStringUtils and reversing it to generate all of the past/future RNG values public since March 3rd, 2018.

https://medium.com/@alex91ar/the-java-soothsayer-a-practical-application-for-insecure-randomness-c67b0cd148cd

POC Repository: https://github.com/alex91ar/randomstringutils

Potential Impact Technical

All that is required is to get one password reset token from a JHipster Kotlin generated service and using the POC above, you can reverse what all future password reset tokens to be generated by this server. This allows an attacker to pick and choose what account they would like to takeover by sending account password reset requests for targeted accounts.

Potential Impact Scale

Not as large as for the original jhipster project as the kotlin blueprint is not that widely used.

Patches

Update your generated applications to > 1.2.0

Workarounds

Change the content of RandomUtil.kt like this:

import java.security.SecureRandom
import org.apache.commons.lang3.RandomStringUtils

private const val DEF_COUNT = 20

object RandomUtil {
    private val secureRandom: SecureRandom = SecureRandom()

    init {
        secureRandom.nextBytes(byteArrayOf(64.toByte()))
    }

    private fun generateRandomAlphanumericString(): String {
        return RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, secureRandom)
    }

    /**
    * Generate a password.
    *
    * @return the generated password.
    */
    fun generatePassword(): String = generateRandomAlphanumericString()
}

Important is to exchange every call of RandomStringUtils.randomAlphaNumeric.

For more information

If you have any questions or comments about this advisory: * Open an issue in JHipster Kotlin

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "generator-jhipster-kotlin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-16303"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-26T16:47:54Z",
    "nvd_published_at": "2019-09-14T00:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "JHipster Kotlin is using an insecure source of randomness to generate all of its random values. JHipster Kotlin relies upon apache commons lang3 `RandomStringUtils`.\n\nFrom the documentation:\n\n\u003e Caveat: Instances of Random, upon which the implementation of this class relies, are not cryptographically secure.\n\u003e \\- https://commons.apache.org/proper/commons-lang/javadocs/api-3.9/org/apache/commons/lang3/RandomStringUtils.html\n\nHere are the examples of JHipster Kotlin\u0027s use of an insecure PRNG:\n\nhttps://github.com/jhipster/jhipster-kotlin/blob/193ae8f13c0be686f9687e78bacfedb144c47d8c/generators/server/templates/src/main/kotlin/package/service/util/RandomUtil.kt.ejs#L32\n\n## Proof Of Concepts Already Exist\n\nThere has been a POC of taking one RNG value generated `RandomStringUtils` and reversing it to generate all of the past/future RNG values public since March 3rd, 2018.\n\nhttps://medium.com/@alex91ar/the-java-soothsayer-a-practical-application-for-insecure-randomness-c67b0cd148cd\n\nPOC Repository: https://github.com/alex91ar/randomstringutils\n\n\n## Potential Impact Technical\n\nAll that is required is to get one password reset token from a JHipster Kotlin generated service and using the POC above, you can reverse what all future password reset tokens to be generated by this server. This allows an attacker to pick and choose what account they would like to takeover by sending account password reset requests for targeted accounts.\n\n## Potential Impact Scale\n\nNot as large as for the original jhipster project as the kotlin blueprint is not that widely used.\n\n### Patches\n\nUpdate your generated applications to \u003e 1.2.0\n\n### Workarounds\n\nChange the content of `RandomUtil.kt` like this:\n\n```kotlin\nimport java.security.SecureRandom\nimport org.apache.commons.lang3.RandomStringUtils\n\nprivate const val DEF_COUNT = 20\n\nobject RandomUtil {\n    private val secureRandom: SecureRandom = SecureRandom()\n\n    init {\n        secureRandom.nextBytes(byteArrayOf(64.toByte()))\n    }\n\n    private fun generateRandomAlphanumericString(): String {\n        return RandomStringUtils.random(DEF_COUNT, 0, 0, true, true, null, secureRandom)\n    }\n\n    /**\n    * Generate a password.\n    *\n    * @return the generated password.\n    */\n    fun generatePassword(): String = generateRandomAlphanumericString()\n}\n```\n\nImportant is to exchange **every** call of `RandomStringUtils.randomAlphaNumeric`.\n\n\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [JHipster Kotlin](https://github.com/jhipster/jhipster-kotlin)",
  "id": "GHSA-j3rh-8vwq-wh84",
  "modified": "2023-01-20T18:53:25Z",
  "published": "2020-06-26T16:48:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/generator-jhipster/security/advisories/GHSA-mwp6-j9wf-968c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/jhipster-kotlin/security/advisories/GHSA-j3rh-8vwq-wh84"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16303"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/generator-jhipster/issues/10401"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/jhipster-kotlin/issues/183"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/generator-jhipster/commit/88448b85fd3e8e49df103f0061359037c2c68ea7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jhipster/jhipster-kotlin/commit/deec3587ef7721cf5de5b960d43e9b68beff6193"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jhipster/generator-jhipster"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r6d243e7e3f25daeb242dacf3def411fba32a9388d3ff84918cb28ddd@%3Cissues.commons.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc3f00f5d3d2ec0e2381a3b9096d5f5b4d46ec1587ee7e251a3dbb897@%3Cissues.commons.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rc87fa35a48b5d70b06af6fb81785ed82e82686eb83307aae6d250dc9@%3Cissues.commons.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-466980"
    },
    {
      "type": "WEB",
      "url": "https://www.jhipster.tech/2019/09/13/jhipster-release-6.3.0.html"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1187"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1188"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0"
}

GHSA-J539-XXC6-73WF

Vulnerability from github – Published: 2026-05-08 18:31 – Updated: 2026-05-27 00:31
VLAI
Details

Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.

The built-in rand function is predictable, and unsuitable for cryptography.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T18:16:34Z",
    "severity": "HIGH"
  },
  "details": "Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts.\n\nThe built-in rand function is predictable, and unsuitable for cryptography.",
  "id": "GHSA-j539-xxc6-73wf",
  "modified": "2026-05-27T00:31:26Z",
  "published": "2026-05-08T18:31:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6659"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ronsavage/Crypt-PasswdMD5/pull/3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ronsavage/Crypt-PasswdMD5/commit/a2f821637db0296082297aa4b02254ab08f0dc5e.patch"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.42/source/lib/Crypt/PasswdMD5.pm#L35-47"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/RSAVAGE/Crypt-PasswdMD5-1.43/changes"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/08/17"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J74M-34V4-RGQP

Vulnerability from github – Published: 2026-04-27 15:30 – Updated: 2026-04-27 15:30
VLAI
Details

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-40514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-338"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-27T15:16:20Z",
    "severity": "HIGH"
  },
  "details": "SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.",
  "id": "GHSA-j74m-34v4-rgqp",
  "modified": "2026-04-27T15:30:52Z",
  "published": "2026-04-27T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40514"
    },
    {
      "type": "WEB",
      "url": "https://www.smartertools.com/smartermail/release-notes/current"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/smartertools-smartermail-build-9610-cryptographic-weakness-via-weak-rng"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Implementation

Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

No CAPEC attack patterns related to this CWE.