CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)

Description

A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.

Extended Description

Given the deterministic nature of PRNGs, using the same seed for each initialization will lead to the same output in the same order. If an attacker can guess (or knows) the seed, then the attacker may be able to determine the random numbers that will be produced from the PRNG.

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-2022-39218

SDK for JavaScript app builder for serverless code uses the same fixed seed for a PRNG, allowing cryptography bypass

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Common Consequences

Impact: Other, Bypass Protection Mechanism — Notes:

Potential Mitigations

Architecture and Design: Do not reuse PRNG seeds. Consider a PRNG that periodically re-seeds itself as needed from a high quality pseudo-random output, such as hardware devices. (N/A)
Architecture and Design: Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible. (N/A)

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

Intro: The following code uses a statistical PRNG to generate account IDs.

Body: Because the program uses the same seed value for every invocation of the PRNG, its values are predictable, making the system vulnerable to attack.

private static final long SEED = 1234567890; public int generateAccountID() { Random random = new Random(SEED); return random.nextInt(); }

Intro: This code attempts to generate a unique random identifier for a user's session.

Body: Because the seed for the PRNG is always the user's ID, the session ID will always be the same. An attacker could thus predict any user's session ID and potentially hijack the session.

function generateSessionID($userID){ srand($userID); return rand(); }

Notes

Maintenance: As of CWE 4.5, terminology related to randomness, entropy, and predictability can vary widely. Within the developer and other communities, "randomness" is used heavily. However, within cryptography, "entropy" is distinct, typically implied as a measurement. There are no commonly-used definitions, even within standards documents and cryptography papers. Future versions of CWE will attempt to define these terms and, if necessary, distinguish between them in ways that are appropriate for different communities but do not reduce the usability of CWE for mapping, understanding, or other scenarios.

← Back to CWE list