logo

CWE-332 - Insufficient Entropy in PRNG

CWE-332 Medium

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Insufficient Entropy in PRNG

Description

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

Common Consequences

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

Notes: If a pseudo-random number generator is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash.

Scope: Access Control, Other

Impact: Bypass Protection Mechanism, Other

Notes: If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. Potentially a weak source of random numbers could weaken the encryption method used for authentication of users.

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2024-02-29

Free security scan for your website