CWE-330: Use of Insufficiently Random Values

Abstraction: Class. Likelihood of exploit: High.

What it is

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Impact

  • Scope: Confidentiality. Technical impact: Other.
  • Scope: Access Control, Other. Technical impact: Bypass Protection Mechanism, Other.
  • Scope: Access Control. Technical impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity.

Mitigations

  • [Architecture and Design] Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate-length seeds. In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts. Pseudo-random number generators can p
  • [Implementation] Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output sources, such as hardware devices.
  • [Architecture and Design, Requirements] Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
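The statistical-PRNG-versus-CSPRNG distinction above, shown as an added example (not from MITRE or any listed CVE): a token generator that seeds Python's Mersenne Twister from a coarse timestamp, the pattern behind the time-seeded entries below, beside the hardened form that draws from the OS CSPRNG via the secrets module. The token format and a helper that counts distinct outputs are constructed for illustration; the seed value is a constructed placeholder.

```python
import random
import secrets
import string
from typing import Callable

ALPHABET = string.ascii_letters + string.digits


def weak_token(seed_time: int, length: int = 32) -> str:
    """Vulnerable pattern (CWE-330): a statistical PRNG seeded from a
    wall-clock timestamp. random.Random is a Mersenne Twister, which
    is fully determined by its seed, so anyone who can estimate when
    the token was minted can regenerate it. The candidate seed space
    is only as large as the uncertainty about that timestamp."""
    rng = random.Random(seed_time)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_token(length: int = 32) -> str:
    """Hardened form: secrets.choice reads from the operating system's
    CSPRNG, so successive tokens are independent and unguessable."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def count_distinct(token_fn: Callable[[], str], n: int) -> int:
    """Cheap review-time check: call the generator n times and count
    distinct results. A generator that repeats values under the same
    seed (the failure mode of CVE-2009-3238 above) returns 1 here."""
    return len({token_fn() for _ in range(n)})


if __name__ == "__main__":
    # Constructed placeholder seed standing in for a deployment timestamp.
    deploy_time = 1_700_000_000
    print("weak, same seed twice:",
          count_distinct(lambda: weak_token(deploy_time), 5), "distinct")
    print("strong, five calls:   ",
          count_distinct(strong_token, 5), "distinct")
```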

Real-world CVE examples

  • CVE-2021-3692 — PHP framework uses the mt_rand() function (Mersenne Twister) when generating tokens.
  • CVE-2020-7010 — Cloud application on Kubernetes generates passwords using a weak random number generator based on deployment time.
  • CVE-2009-3278 — Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
  • CVE-2009-3238 — Random number generator can repeatedly generate the same value.
  • CVE-2009-2367 — Web application generates predictable session IDs, allowing session hijacking.
  • CVE-2009-2158 — Password recovery utility generates a relatively small number of random passwords, simplifying brute force attacks.
  • CVE-2009-0255 — Cryptographic key created with a seed based on the system time.
  • CVE-2008-5162 — Kernel function does not have a good entropy source just after boot.
  • CVE-2008-4905 — Blogging software uses a hard-coded salt when calculating a password hash.
  • CVE-2008-4929 — Bulletin board application uses insufficiently random names for uploaded files, allowing other users to access private files.
  • CVE-2008-3612 — Handheld device uses predictable TCP sequence numbers, allowing spoofing or hijacking of TCP connections.
  • CVE-2008-2433 — Web management console generates session IDs based on the login time, making it easier to conduct session hijacking.

Source: MITRE CWE (cwe.mitre.org).