CWE-333 - Improper Handling of Insufficient Entropy in TRNG

CWE-333 Low

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Improper Handling of Insufficient Entropy in TRNG

Description: True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.
The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security.

Common Consequences: Scope: Availability
Impact: DoS: Crash, Exit, or Restart
Notes: A program may crash or block if it runs out of random numbers.

Related Weaknesses

CWE-755Improper Handling of Exceptional ConditionsMedium

CWE-331Insufficient Entropy

Release Date:
2006-07-19

Latest Modification Date:
2024-02-29

Free security scan for your website

Don't show website scan report rating on the leaderboard