Use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic. Attach the monitor to the process and look for library functions that indicate when randomness is being used. Run the process multiple times to see if the seed changes. Look for accesses of devices or equivalent resources that are commonly used for strong (or weak) randomness, such as /dev/urandom on Linux. Look for library or system calls that access predictable information such as process IDs and system time.
Use of Insufficiently Random Values
This vulnerability occurs when an application uses random values that are not sufficiently unpredictable in security-sensitive operations, making them easier for attackers to guess or calculate.
What is CWE-330?
Real-world CVEs caused by CWE-330
-
PHP framework uses mt_rand() function (Marsenne Twister) when generating tokens
-
Cloud application on Kubernetes generates passwords using a weak random number generator based on deployment time.
-
Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
-
Random number generator can repeatedly generate the same value.
-
Web application generates predictable session IDs, allowing session hijacking.
-
Password recovery utility generates a relatively small number of random passwords, simplifying brute force attacks.
-
Cryptographic key created with a seed based on the system time.
-
Kernel function does not have a good entropy source just after boot.
Angreiferpfad Schritt für Schritt
- 1
This code attempts to generate a unique random identifier for a user's session.
- 2
Because the seed for the PRNG is always the user's ID, the session ID will always be the same. An attacker could thus predict any user's session ID and potentially hijack the session.
- 3
This example also exhibits a Small Seed Space (CWE-339).
- 4
The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.
- 5
This code uses the Random.nextInt() function to generate "unique" identifiers for the receipt pages it generates. Because Random.nextInt() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG.
Vulnerable PHP
This code attempts to generate a unique random identifier for a user's session.
function generateSessionID($userID){
srand($userID);
return rand();
}Secure pseudo
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
const safe = validateAndEscape(input);
return executeWithGuards(safe);
}How to prevent CWE-330
- Architecture and Design Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds. In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts. Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
- Implementation Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
- Testing Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.
- Architecture and Design / Requirements Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
- Testing Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
How to detect CWE-330
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Bytecode Weakness Analysis - including disassembler + source code weakness analysis Binary Weakness Analysis - including disassembler + source code weakness analysis
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Man-in-the-middle attack tool
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Focused Manual Spotcheck - Focused manual analysis of source Manual Source Code Review (not inspections)
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Source code Weakness Analyzer Context-configured Source Code Weakness Analyzer
Plexicus erkennt CWE-330 automatisch und öffnet in unter 60 Sekunden einen Fix-PR.
Codex Remedium scannt jeden Commit, identifiziert genau diese Schwachstelle und liefert einen reviewer-ready Pull Request mit dem Patch. Keine Tickets. Keine Hand-offs.
Frequently asked questions
Was ist CWE-330?
This vulnerability occurs when an application uses random values that are not sufficiently unpredictable in security-sensitive operations, making them easier for attackers to guess or calculate.
Wie gravierend ist CWE-330?
MITRE stuft die Exploit-Wahrscheinlichkeit als hoch ein — diese Schwachstelle wird aktiv in freier Wildbahn ausgenutzt und sollte priorisiert behoben werden.
Welche Sprachen oder Plattformen sind von CWE-330 betroffen?
MITRE lists the following affected platforms: Not Technology-Specific.
Wie kann ich CWE-330 verhindern?
Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds. In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts. Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a…
Wie erkennt und behebt Plexicus CWE-330?
Die SAST-Engine von Plexicus erkennt die Datenfluss-Signatur von CWE-330 bei jedem Commit. Bei einem Treffer öffnet unser Codex-Remedium-Agent einen Fix-PR mit korrigiertem Code, Tests und einer einzeiligen Zusammenfassung für den Reviewer.
Wo erfahre ich mehr über CWE-330?
MITRE veröffentlicht die kanonische Definition unter https://cwe.mitre.org/data/definitions/330.html. Für ergänzende Hinweise kannst du auch die OWASP- und NIST-Dokumentation heranziehen.
Weaknesses related to CWE-330
Protection Mechanism Failure
This weakness occurs when software either lacks a necessary security control, implements one that is too weak, or fails to activate an…
Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism
This vulnerability occurs when a system uses automated AI or machine learning to classify complex inputs like images, audio, or text, but…
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
A security-critical hardware component contains physical flaws in its semiconductor material, which can cause it to malfunction and…
Incorrect Selection of Fuse Values
This vulnerability occurs when a hardware security fuse is incorrectly programmed to represent a 'secure' state as logic 0 (unblown). An…
Product Released in Non-Release Configuration
This vulnerability occurs when a product ships to customers while still configured with its pre-production or manufacturing settings,…
Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
This vulnerability occurs when hardware lacks safeguards against physical inspection, allowing attackers to extract sensitive data by…
Public Key Re-Use for Signing both Debug and Production Code
This vulnerability occurs when the same cryptographic key is used to sign both development/debug software builds and final production…
Missing Support for Security Features in On-chip Fabrics or Buses
This vulnerability occurs when the communication channels (fabrics or buses) within a chip lack built-in or enabled security features,…
Improper Protection against Electromagnetic Fault Injection (EM-FI)
This vulnerability occurs when a hardware device lacks sufficient shielding against electromagnetic interference, allowing attackers to…
Further reading
- MITRE — offizielle CWE-330 https://cwe.mitre.org/data/definitions/330.html
- FIPS PUB 140-2: SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES https://csrc.nist.gov/files/pubs/fips/140-2/upd2/final/docs/fips1402.pdf
- Writing Secure Code https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223
- State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation https://www.ida.org/-/media/feature/publications/s/st/stateoftheart-resources-soar-for-software-vulnerability-detection-test-and-evaluation/p-5061.ashx
Schluss mit dem Bezahlen pro Entwickler.
Schließ den Kreislauf.
Plexicus ist die KI-native ASPM, die scannt, filtert, fixt, pentestet und erklärt — autonom. Unbegrenzte Entwickler, unbegrenzte Repos, Fair-Use-KI-Aktionen. Echter kostenloser Tarif, €269/mo jährlich, wenn du bereit bist.