CWE-330 - Use of Insufficiently Random Values


Software relies on random, unpredictable values to protect the system. With this weakness, the software generates values that are not sufficiently random, which lets attackers predict the next value and gain access to sensitive information.
If the software bases its protection on a session ID or on a seed for generating a cryptographic key, it is easy for attackers to guess the next ID or key. When the values are predictable, attackers can access a user's data by using another user's key or ID. Having pre-created a new resource under a learned ID or key, attackers can send files to the targeted users and block their ability to use the resource properly.
The weakness is introduced during the Architecture and Design and the Implementation stages.
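The following added example (not part of the original page) contrasts a session ID drawn from a PRNG seeded with a guessable value against one drawn from the operating system CSPRNG, and estimates how many bits of unpredictability the weak form really has. The function names and the seed value are constructed for illustration.

```python
import math
import random
import secrets

# Constructed sample: a Unix timestamp (second resolution) used as the seed.
CONSTRUCTED_SEED = 1700000000


def weak_session_id(seed: int) -> str:
    """Vulnerable pattern: Mersenne Twister seeded with a guessable value.
    The 128-bit output is fully determined by the seed."""
    rng = random.Random(seed)
    return "%032x" % rng.getrandbits(128)


def strong_session_id() -> str:
    """Hardened pattern: 128 bits taken from the operating system CSPRNG."""
    return secrets.token_hex(16)


def is_reproducible(make_id, attempts: int = 5) -> bool:
    """True if repeated calls always return the same value, meaning the
    generator is deterministic for the inputs it was given."""
    return len({make_id() for _ in range(attempts)}) == 1


def effective_entropy_bits(possible_seeds: int) -> float:
    """Unpredictability of a seeded ID is bounded by the number of seeds
    that could have been used, not by the length of the ID."""
    return math.log2(possible_seeds)


if __name__ == "__main__":
    print("weak, same seed twice:",
          weak_session_id(CONSTRUCTED_SEED) == weak_session_id(CONSTRUCTED_SEED))
    print("weak reproducible:  ",
          is_reproducible(lambda: weak_session_id(CONSTRUCTED_SEED)))
    print("strong reproducible:", is_reproducible(strong_session_id))
    # A seed taken from any second within one day gives about 16.4 bits,
    # although the ID itself is 128 bits long.
    print("bits if seeded within one day: %.1f" % effective_entropy_bits(86400))
```

For session IDs, key seeds and other security tokens, the fix is to take the value directly from a CSPRNG such as `secrets` rather than from a seeded general-purpose generator.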



Description of CWE-330 on the MITRE website