1. Home
  2. CWE Database
  3. CWE-336
Variant · Low-Medium

CWE-336: Same Seed in Pseudo-Random Number Generator (PRNG)

A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.

CWE-336 · Variant Level ·1 CVEs ·2 Mitigations

Description

A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.

Given the deterministic nature of PRNGs, using the same seed for each initialization will lead to the same output in the same order. If an attacker can guess (or knows) the seed, then the attacker may be able to determine the random numbers that will be produced from the PRNG.

Potential Impact

Other, Access Control

Other, Bypass Protection Mechanism

Demonstrative Examples

The following code uses a statistical PRNG to generate account IDs.
Bad
private static final long SEED = 1234567890;public int generateAccountID() {Random random = new Random(SEED);return random.nextInt();}
Because the program uses the same seed value for every invocation of the PRNG, its values are predictable, making the system vulnerable to attack.
This code attempts to generate a unique random identifier for a user's session.
Bad
function generateSessionID($userID){srand($userID);return rand();}
Because the seed for the PRNG is always the user's ID, the session ID will always be the same. An attacker could thus predict any user's session ID and potentially hijack the session.
If the user IDs are generated sequentially, or otherwise restricted to a narrow range of values, then this example also exhibits a Small Seed Space (CWE-339).

Mitigations & Prevention

Architecture and Design

Do not reuse PRNG seeds. Consider a PRNG that periodically re-seeds itself as needed from a high quality pseudo-random output, such as hardware devices.

Architecture and DesignRequirements

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.

Detection Methods

  • Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

Real-World CVE Examples

CVE IDDescription
CVE-2022-39218SDK for JavaScript app builder for serverless code uses the same fixed seed for a PRNG, allowing cryptography bypass

CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

Taxonomy Mappings

  • PLOVER: — Same Seed in PRNG
  • The CERT Oracle Secure Coding Standard for Java (2011): MSC02-J — Generate strong random numbers

Frequently Asked Questions

What is CWE-336?

CWE-336 (Same Seed in Pseudo-Random Number Generator (PRNG)) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.

How can CWE-336 be exploited?

Attackers can exploit CWE-336 (Same Seed in Pseudo-Random Number Generator (PRNG)) to other, bypass protection mechanism. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-336?

Key mitigations include: Do not reuse PRNG seeds. Consider a PRNG that periodically re-seeds itself as needed from a high quality pseudo-random output, such as hardware devices.

What is the severity of CWE-336?

CWE-336 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 1 real-world CVEs.