Description
View on MITREExtended Description
No mitigation information available for this CWE.
No detection method information available for this CWE.
No examples or observed CVEs available for this CWE.
CWE-335: CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Description Extended Description
If exploited, CWE-335 (CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)) it can compromise Bypass Protection Mechanism and Other, leading to outcomes such as Scope: Access Control, Other If a PRNG is used incorrectly, such as using the same seed for each initialization or using a predictable seed and then an attacker may be able to easily guess the seed and thus the random numbers. This could lead to unauthorized access to a system if the seed is used for authentication and authorization..
CWE-335 commonly affects Languages. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-335 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.