Variant · Low-Medium

CWE-332: Insufficient Entropy in PRNG

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

CWE-332 · Variant Level · 2 CVEs · 3 Mitigations

Potential Impact

Availability

DoS: Crash, Exit, or Restart

Access Control, Other

Bypass Protection Mechanism, Other

Mitigations & Prevention

Architecture and Design, Requirements

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

Implementation

Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output, such as hardware devices.

Architecture and Design

When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator that always uses strong random data -- i.e., a random number generator that attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally, something that always provides a predictable amount of strength is preferable.

Detection Methods

  • Automated Static Analysis — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Real-World CVE Examples

  • [REF-1374] — Chain: JavaScript-based cryptocurrency library can fall back to the insecure Math.random() function instead of reporting a failure (CWE-392), thus reducing the entropy (CWE-332) and leading to generat
  • CVE-2019-1715 — security product has insufficient entropy in the DRBG, allowing collisions and private key discovery

Taxonomy Mappings

  • CLASP — Insufficient entropy in PRNG
  • The CERT Oracle Secure Coding Standard for Java (2011): MSC02-J — Generate strong random numbers

Frequently Asked Questions

What is CWE-332?

CWE-332 (Insufficient Entropy in PRNG) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

How can CWE-332 be exploited?

Attackers can exploit CWE-332 (Insufficient Entropy in PRNG) to cause a DoS (crash, exit, or restart) or to bypass a protection mechanism. This weakness is typically introduced during the Architecture and Design and Implementation phases of software development.

How do I prevent CWE-332?

Key mitigations include: use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, and consult FIPS 140-2 Annex C ("Approved Random Number Generators").

What is the severity of CWE-332?

CWE-332 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 2 real-world CVEs.