CWE-1241 Base Draft

Use of Predictable Algorithm in Random Number Generator

This vulnerability occurs when a device or application relies on a predictable algorithm to generate pseudo-random numbers, making the output sequence foreseeable.

Definition

What is CWE-1241?

This vulnerability occurs when a device or application relies on a predictable algorithm to generate pseudo-random numbers, making the output sequence foreseeable.
Pseudo-random number generators (PRNGs) create numbers using deterministic algorithms, meaning they have a finite internal state that will eventually repeat. This predictability makes them vulnerable to attacks where an adversary can analyze past outputs to deduce future values or uncover the generator's internal state, compromising the security of any system that depends on this randomness. For robust security, especially in encryption, key generation, or session tokens, it's critical to use hardware-based True Random Number Generators (TRNGs). TRNGs derive randomness from unpredictable physical processes like electrical noise, producing outputs that are unbiased, independent, and fundamentally unpredictable, thereby providing a much stronger foundation for security-critical operations.
Auswirkungen in der Praxis

Real-world CVEs caused by CWE-1241

  • CVE-2021-3692

    PHP framework uses mt_rand() function (Marsenne Twister) when generating tokens

Wie Angreifer es ausnutzen

Angreiferpfad Schritt für Schritt

  1. 1

    Suppose a cryptographic function expects random value to be supplied for the crypto algorithm.

  2. 2

    During the implementation phase, due to space constraint, a cryptographically secure random-number-generator could not be used, and instead of using a TRNG (True Random Number Generator), a LFSR (Linear Feedback Shift Register) is used to generate a random value. While an LFSR will provide a pseudo-random number, its entropy (measure of randomness) is insufficient for a cryptographic algorithm.

  3. 3

    The example code is taken from the PRNG inside the buggy OpenPiton SoC of HACK@DAC'21 [REF-1370]. The SoC implements a pseudo-random number generator using a Linear Feedback Shift Register (LFSR).

  4. 4

    An example of LFSR with the polynomial function P(x) = x 6+x 4+x 3+1 is shown in the figure.

  5. 5

    A LFSR's input bit is determined by the output of a linear function of two or more of its previous states. Therefore, given a long cycle, a LFSR-based PRNG will enter a repeating cycle, which is predictable.

Verwundbares Codebeispiel

Vulnerable Verilog

An example of LFSR with the polynomial function P(x) = x 6+x 4+x 3+1 is shown in the figure.

Verwundbar Verilog 
**reg in_sr, entropy16_valid;** 

 **reg [15:0] entropy16;** 


 **assign entropy16_o = entropy16;** 

 **assign entropy16_valid_o = entropy16_valid;** 


 **always @ (*)** 

 **begin** 

```
```
in_sr = ^ (poly_i [15:0] & entropy16 [15:0]);** 
  
 **end**
Sicheres Codebeispiel

Secure pseudo

Sicher pseudo 
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
  const safe = validateAndEscape(input);
  return executeWithGuards(safe);
}
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Präventions-Checkliste

How to prevent CWE-1241

  • Architecture and Design A true random number generator should be specified for cryptographic algorithms.
  • Implementation A true random number generator should be implemented for cryptographic algorithms.
Erkennungssignale

How to detect CWE-1241

SAST High

Führe statische Analyse (SAST) auf der Codebasis aus und suche im Datenfluss nach dem unsicheren Muster.

DAST Moderate

Führe dynamische Application-Security-Tests gegen den Live-Endpoint aus.

Runtime Moderate

Beobachte Runtime-Logs auf ungewöhnliche Exception-Traces, fehlerhafte Eingaben oder Versuche, Autorisierung zu umgehen.

Code review Moderate

Code Review: Markiere jeden neuen Code, der Eingaben von dieser Oberfläche ohne validierte Framework-Helper verarbeitet.

Plexicus Auto-Fix

Plexicus erkennt CWE-1241 automatisch und öffnet in unter 60 Sekunden einen Fix-PR.

Codex Remedium scannt jeden Commit, identifiziert genau diese Schwachstelle und liefert einen reviewer-ready Pull Request mit dem Patch. Keine Tickets. Keine Hand-offs.

Demo anfordern Plexicus kostenlos testen
Häufig gestellte Fragen

Frequently asked questions

Was ist CWE-1241?

This vulnerability occurs when a device or application relies on a predictable algorithm to generate pseudo-random numbers, making the output sequence foreseeable.

Wie gravierend ist CWE-1241?

MITRE hat für diese Schwachstelle keine Exploit-Wahrscheinlichkeit veröffentlicht. Behandle sie als mittlere Auswirkung, bis dein Threat Model anderes belegt.

Welche Sprachen oder Plattformen sind von CWE-1241 betroffen?

MITRE lists the following affected platforms: System on Chip.

Wie kann ich CWE-1241 verhindern?

A true random number generator should be specified for cryptographic algorithms. A true random number generator should be implemented for cryptographic algorithms.

Wie erkennt und behebt Plexicus CWE-1241?

Die SAST-Engine von Plexicus erkennt die Datenfluss-Signatur von CWE-1241 bei jedem Commit. Bei einem Treffer öffnet unser Codex-Remedium-Agent einen Fix-PR mit korrigiertem Code, Tests und einer einzeiligen Zusammenfassung für den Reviewer.

Wo erfahre ich mehr über CWE-1241?

MITRE veröffentlicht die kanonische Definition unter https://cwe.mitre.org/data/definitions/1241.html. Für ergänzende Hinweise kannst du auch die OWASP- und NIST-Dokumentation heranziehen.

Verwandte Schwachstellen

Weaknesses related to CWE-1241

CWE-330 Parent

Use of Insufficiently Random Values

This vulnerability occurs when an application uses random values that are not sufficiently unpredictable in security-sensitive operations,…

CWE-1204 Sibling

Generation of Weak Initialization Vector (IV)

This vulnerability occurs when software uses a weak or predictable Initialization Vector (IV) for cryptographic operations. Many…

CWE-331 Sibling

Insufficient Entropy

This vulnerability occurs when a system's random number generator or algorithm lacks sufficient unpredictability, creating patterns or…

CWE-334 Sibling

Small Space of Random Values

This vulnerability occurs when a system uses a random number generator that produces too few possible values. Attackers can easily predict…

CWE-335 Sibling

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

This vulnerability occurs when a Pseudo-Random Number Generator (PRNG) is used, but its initial seed value is not handled securely or…

CWE-338 Sibling

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

This vulnerability occurs when software uses a pseudo-random number generator (PRNG) that is not cryptographically strong for…

CWE-340 Sibling

Generation of Predictable Numbers or Identifiers

This vulnerability occurs when a system creates numbers or identifiers that are too easy to guess, undermining security mechanisms that…

CWE-344 Sibling

Use of Invariant Value in Dynamically Changing Context

This vulnerability occurs when code uses a fixed, unchanging value (like a hardcoded string, number, or reference) in a situation where…

Ressourcen

Further reading

Bereit, wenn du es bist

Schluss mit dem Bezahlen pro Entwickler.
Schließ den Kreislauf.

Plexicus ist die KI-native ASPM, die scannt, filtert, fixt, pentestet und erklärt — autonom. Unbegrenzte Entwickler, unbegrenzte Repos, Fair-Use-KI-Aktionen. Echter kostenloser Tarif, €269/mo jährlich, wenn du bereit bist.

Kostenlos starten Demo buchen