CWE-330 - Use of Insufficiently Random Values

Description

The task of the software is to generate random and unpredictable values for better system protection. Under the influence of weakness software begins to generate an insufficient amount of unguessable values letting attackers predict the next value and get access to any sensitive information.
If the software provide protection with the help of session ID or a cryptographic key seed generating, it's easy for attackers to guess the next ID or key. In he case of using unpredictable values attackers can get access to the user's data with the help of another user's key or ID. Having pre-created a new resource with learnt ID or key, offenders send files to the targeted users and block the ability to use it properly.
The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-330

Multiple vulnerabilities in IBM Cloud Pak for Watson AIOps 2024-03-07
High Yes

Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management Security Services 2024-02-22
High Yes

Multiple vulnerabilities in IBM QRadar Suite Software 2024-02-16
Critical Yes

Dell Data Protection Central update for third-party components 2024-01-30
High Yes

Multiple vulnerabilities in MediaTek chipsets 2024-01-02
High Yes

Multiple vulnerabilities in IBM Watson Machine Learning Accelerator on Cloud Pak for Data 2023-12-11
High Yes

Use of insufficiently random values in crypto-js 2023-12-08
Medium Yes

Information disclosure in Henschen & Associates CaseLook 2023-12-06
Medium Yes

Multiple vulnerabilities in Watson Machine Learning Accelerator on Cloud Pak for Data 2023-11-16
High Yes

Multiple vulnerabilities in IBM Storage Protect Plus 2023-11-09
High Yes

References

Description of CWE-330 on Mitre website