Same Seed in Pseudo-Random Number Generator (PRNG)

Draft Variant
Structure: Simple
Description

This vulnerability occurs when a Pseudo-Random Number Generator (PRNG) is repeatedly initialized with the same starting seed value.

Extended Description

PRNGs are deterministic, meaning that if you start them from the same seed, they will produce an identical sequence of 'random' numbers every single time. This predictability breaks the core assumption of randomness that many security features rely on, such as session tokens, cryptographic keys, or password reset tokens. If an attacker discovers or can reasonably guess the seed—for example, if it's a hard-coded value, a simple timestamp, or another predictable source—they can pre-calculate or replicate the entire output sequence. This allows them to anticipate future random values, bypass security controls, impersonate users, or compromise encrypted data that depends on those numbers being truly unpredictable.

Common Consequences
Scope: Other, Access Control

Impact: Other, Bypass Protection Mechanism

Detection Methods
Automated Static Analysis
Effectiveness: High
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).
Potential Mitigations
Phase: Architecture and Design
Do not reuse PRNG seeds. Consider a PRNG that periodically re-seeds itself as needed from a high-quality pseudo-random output, such as hardware devices.
Phase: Architecture and Design; Requirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.
Demonstrative Examples

ID : DX-177

The following code uses a statistical PRNG to generate account IDs.

Code Example:

Bad
Java
Because the program uses the same seed value for every invocation of the PRNG, its values are predictable, making the system vulnerable to attack.

ID : DX-45

This code attempts to generate a unique random identifier for a user's session.

Code Example:

Bad
PHP
Because the seed for the PRNG is always the user's ID, the session ID will always be the same. An attacker could thus predict any user's session ID and potentially hijack the session.
If the user IDs are generated sequentially, or otherwise restricted to a narrow range of values, then this example also exhibits the Small Seed Space in PRNG weakness.
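The session-ID weakness described above, next to a hardened form and a regression check that flags generators whose output repeats. This is an added example, not code from the original entry, and it is written in Python rather than the entry's PHP; all function names and the sample user IDs are hypothetical.

```python
import random
import secrets


def weak_session_id(user_id: int) -> str:
    """Flawed pattern: the PRNG is re-seeded with the user ID on every call."""
    rng = random.Random(user_id)  # same seed -> same output sequence
    return f"{rng.getrandbits(64):016x}"


def strong_session_id(user_id: int) -> str:
    """Hardened form: 128 bits from the OS CSPRNG; the user ID is not an input."""
    return secrets.token_hex(16)


def is_repeatable(generator, user_id: int, calls: int = 5) -> bool:
    """True if repeated calls for one user ever return the same value."""
    seen = {generator(user_id) for _ in range(calls)}
    return len(seen) < calls


def audit(generators: dict, user_ids: list) -> list:
    """Return the names of generators whose output repeats for any sampled user."""
    return sorted(
        name
        for name, gen in generators.items()
        if any(is_repeatable(gen, uid) for uid in user_ids)
    )


# Constructed sample input: a few user IDs to probe each generator with.
SAMPLE_USER_IDS = [1, 2, 1001]

if __name__ == "__main__":
    flagged = audit(
        {"weak_session_id": weak_session_id, "strong_session_id": strong_session_id},
        SAMPLE_USER_IDS,
    )
    print("generators with repeatable output:", flagged)
```

A check like `audit` fits in a unit-test suite, so a token generator that regresses to a fixed or per-user seed fails the build.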
Observed Examples
CVE-2022-39218: SDK for JavaScript app builder for serverless code uses the same fixed seed for a PRNG, allowing cryptography bypass
References
[REF-267] Information Technology Laboratory, National Institute of Standards and Technology. FIPS PUB 140-2: Security Requirements for Cryptographic Modules. 25-05-2001.
[REF-1192] Information Technology Laboratory, National Institute of Standards and Technology. FIPS PUB 140-3: Security Requirements for Cryptographic Modules. 22-03-2019.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Taxonomy Mapping
  • PLOVER
  • The CERT Oracle Secure Coding Standard for Java (2011)
Notes
Maintenance: As of CWE 4.5, terminology related to randomness, entropy, and predictability can vary widely. Within the developer and other communities, "randomness" is used heavily. However, within cryptography, "entropy" is distinct, typically implied as a measurement. There are no commonly-used definitions, even within standards documents and cryptography papers. Future versions of CWE will attempt to define these terms and, if necessary, distinguish between them in ways that are appropriate for different communities but do not reduce the usability of CWE for mapping, understanding, or other scenarios.