Technical Details
- Structure: Simple
- Vulnerability Mapping: ALLOWED
Applicable To
Security Consequences
Scope
Impact
Mitigation Strategies
- Increase the entropy used to seed a PRNG.
- Strategy: Libraries or Frameworks. Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
- Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.
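The weakness and the CSPRNG-based mitigation side by side, as an added example that is not part of the CWE entry: a regression check that counts how many issued tokens follow directly from the token before them. The class names, the LCG constants and the seed are constructed for illustration.

```python
import secrets

# Constructed sample parameters for a linear congruential generator (LCG).
A, C, M = 1103515245, 12345, 2**31


def lcg_step(value):
    """State transition of the sample LCG."""
    return (A * value + C) % M


class WeakTokenSource:
    """Hypothetical token issuer: every token it hands out is its whole state."""

    def __init__(self, seed):
        self.state = seed % M

    def next_token(self):
        self.state = lcg_step(self.state)
        return self.state


class StrongTokenSource:
    """Hypothetical issuer backed by the OS CSPRNG via the secrets module."""

    def next_token(self):
        return secrets.randbits(128)


def predicted_from_previous(tokens, step=lcg_step):
    """Count tokens that equal step(previous token); a release gate wants 0."""
    return sum(1 for prev, cur in zip(tokens, tokens[1:]) if step(prev) == cur)


def issue(source, n):
    """Collect n consecutive tokens from a source."""
    return [source.next_token() for _ in range(n)]


if __name__ == "__main__":
    weak = issue(WeakTokenSource(seed=20240101), 6)  # constructed seed
    strong = issue(StrongTokenSource(), 6)
    print("weak:  ", predicted_from_previous(weak), "of", len(weak) - 1)
    print("strong:", predicted_from_previous(strong), "of", len(strong) - 1)
```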
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
No examples or observed CVEs available for this CWE.
CWE Relationships
No relationship information available for this CWE.
Frequently Asked Questions
What is CWE-342: Predictable Exact Value from Previous Values?
CWE-342: Predictable Exact Value from Previous Values is a Common Weakness Enumeration (CWE) entry maintained by MITRE.
What are the security consequences of CWE-342: Predictable Exact Value from Previous Values?
If exploited, CWE-342 (Predictable Exact Value from Previous Values) has an impact that varies by context; the listed scope is Other.
How do you prevent or mitigate CWE-342: Predictable Exact Value from Previous Values?
Recommended mitigations for CWE-342 include: increase the entropy used to seed a PRNG; use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, consulting FIPS 140-2 Annex C ("Approved Random Number Generators"); and use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.
Which programming languages are affected by CWE-342: Predictable Exact Value from Previous Values?
This entry does not list specific languages for CWE-342. Weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
What is the difference between a CWE and a CVE?
A CWE (Common Weakness Enumeration) like CWE-342 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.