Description
An exact value or random number can be precisely predicted by observing previous values.
Potential Impact
Other
Varies by Context
Mitigations & Prevention
Increase the entropy used to seed a PRNG.
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2002-1463 | Firewall generates easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections. |
| CVE-1999-0074 | Listening TCP ports are sequentially allocated, allowing spoofing attacks. |
| CVE-1999-0077 | Predictable TCP sequence numbers allow spoofing. |
| CVE-2000-0335 | DNS resolver uses predictable IDs, allowing a local user to spoof DNS query results. |
Related Weaknesses
Taxonomy Mappings
- PLOVER: — Predictable Exact Value from Previous Values
Frequently Asked Questions
What is CWE-342?
CWE-342 (Predictable Exact Value from Previous Values) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. An exact value or random number can be precisely predicted by observing previous values.
How can CWE-342 be exploited?
Attackers can exploit CWE-342 (Predictable Exact Value from Previous Values) to varies by context. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.
How do I prevent CWE-342?
Key mitigations include: Increase the entropy used to seed a PRNG.
What is the severity of CWE-342?
CWE-342 is classified as a Base-level weakness (Medium abstraction). It has been observed in 4 real-world CVEs.