logo

CWE-333 - Improper Handling of Insufficient Entropy in TRNG

CWE-333 Low

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Improper Handling of Insufficient Entropy in TRNG

Description

True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.

The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security.

Common Consequences

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

Notes: A program may crash or block if it runs out of random numbers.

Related Weaknesses
  • Release Date:
  • 2006-07-19
  • Latest Modification Date:
  • 2024-02-29

Free security scan for your website