Predictable Exact Value from Previous Values

Description

This vulnerability occurs when a system uses a predictable sequence for generating values, allowing an attacker to accurately guess future numbers by analyzing past ones.

Extended Description

Many applications rely on random or unique values for critical tasks like generating session tokens, encryption keys, or transaction IDs. When the algorithm producing these values is not truly random—perhaps using a simple counter, a weak pseudo-random number generator (PRNG), or a time-based seed—it creates a pattern. An attacker who observes a few previous values can often deduce the algorithm and predict the next value with high accuracy, completely bypassing the intended security. This flaw is particularly dangerous in security contexts. For instance, predictable session IDs can lead to account hijacking, and guessable initial sequence numbers (ISNs) in TCP connections can enable session spoofing. To prevent this, developers must use cryptographically secure random number generators (CSPRNGs) that are explicitly designed to be unpredictable, even when previous outputs are known, and ensure seeds have sufficient entropy from a reliable system source.

Common Consequences 1

Scope: Other

Impact: Varies by Context

Potential Mitigations 3

Increase the entropy used to seed a PRNG.

Phase: Architecture and DesignRequirements

Strategy: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

Phase: Implementation

Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.

Observed Examples 4

CVE-2002-1463Firewall generates easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.

CVE-1999-0074Listening TCP ports are sequentially allocated, allowing spoofing attacks.

CVE-1999-0077Predictable TCP sequence numbers allow spoofing.

CVE-2000-0335DNS resolver uses predictable IDs, allowing a local user to spoof DNS query results.

References 2

FIPS PUB 140-2: SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES

Information Technology Laboratory, National Institute of Standards and Technology

25-05-2001

https://csrc.nist.gov/files/pubs/fips/140-2/upd2/final/docs/fips1402.pdf(2025-05-21)

ID: REF-267

24 Deadly Sins of Software Security

Michael Howard, David LeBlanc, and John Viega

McGraw-Hill

2010

ID: REF-44

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Modes of Introduction

Architecture and Design

Implementation

Related Weaknesses

ChildOf:

Generation of Predictable Numbers or Identifiers (CWE-340)

Taxonomy Mapping

PLOVER

Notes

MaintenanceAs of CWE 4.5, terminology related to randomness, entropy, and predictability can vary widely. Within the developer and other communities, "randomness" is used heavily. However, within cryptography, "entropy" is distinct, typically implied as a measurement. There are no commonly-used definitions, even within standards documents and cryptography papers. Future versions of CWE will attempt to define these terms and, if necessary, distinguish between them in ways that are appropriate for different communities but do not reduce the usability of CWE for mapping, understanding, or other scenarios.