CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

BaseDraftExploit Likelihood: Medium

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

View on MITRE
Back to CWE Lookup

Extended Description

When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks. Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)?+

CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks. Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.

What are the security consequences of Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)?+

If exploited, CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)) it can compromise Access Control, leading to outcomes such as Bypass Protection Mechanism.

How do you prevent or mitigate Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)?+

Recommended mitigations for CWE-338 include: Use functions or hardware which use a hardware-based random number generation for all crypto. This is the recommended solution. Use CyptGenRandom on Windows, or hw_rand() on Linux.

Which programming languages are affected by Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)?+

CWE-338 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)?+

MITRE documents real CVEs mapped to CWE-338, including CVE-2021-3692, CVE-2009-3278, CVE-2009-3238, CVE-2009-2367 and CVE-2008-0166. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-338 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More