Insufficient Entropy

Entropy, made by algorithm or scheme of the software, isn't enough that allows attackers to quess the random number and get access to the system if quessed combinations are used for authentication and authorization.
The weakness is introduced during Architecture and Design, Implementation stages.