CWE-339 - Small Seed Space in PRNG

Weakness Name

Small Seed Space in PRNG

Description

A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks.

PRNGs are entirely deterministic once seeded, so it should be extremely difficult to guess the seed. If an attacker can collect the outputs of a PRNG and then brute force the seed by trying every possibility to see which seed matches the observed output, then the attacker will know the output of any subsequent calls to the PRNG. A small seed space implies that the attacker will have far fewer possible values to try to exhaust all possibilities.

Common Consequences

Related Weaknesses

CWE-335Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

CWE-341Predictable from Observable State