CWE-331 - Insufficient Entropy
CWE-331
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Insufficient Entropy
- Description
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
- Common Consequences
Scope: Access Control, Other
Impact: Bypass Protection Mechanism, Other
Notes: An attacker could guess the random numbers generated and could gain unauthorized access to a system if the random numbers are used for authentication and authorization.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website