CWE WEAKNESSES / CWE-340
CWE-340
Generation of Predictable Numbers or Identifiers
Class
What it is
The product uses a scheme that generates numbers or identifiers that are more predictable than required.
Impact
| Other | Varies by Context |
Real-world CVE examples
- CVE-2022-29330 — Product for administering PBX systems uses predictable identifiers and timestamps for filenames (CWE-340) which allows attackers to access files via direct requ
- CVE-2001-1141 — PRNG allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future p
- CVE-1999-0074 — Listening TCP ports are sequentially allocated, allowing spoofing attacks.
Related weaknesses
Test & detect
Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.
Source: MITRE CWE. View on cwe.mitre.org →