Use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic. Attach the monitor to the process and look for library functions that indicate when randomness is being used. Run the process multiple times to see if the seed changes. Look for accesses of devices or equivalent resources that are commonly used for strong (or weak) randomness, such as /dev/urandom on Linux. Look for library or system calls that access predictable information such as process IDs and system time.
Use of Insufficiently Random Values
This vulnerability occurs when an application uses random values that are not sufficiently unpredictable in security-sensitive operations, making them easier for attackers to guess or calculate.
What is CWE-330?
Real-world CVEs caused by CWE-330
-
PHP framework uses mt_rand() function (Marsenne Twister) when generating tokens
-
Cloud application on Kubernetes generates passwords using a weak random number generator based on deployment time.
-
Crypto product uses rand() library function to generate a recovery key, making it easier to conduct brute force attacks.
-
Random number generator can repeatedly generate the same value.
-
Web application generates predictable session IDs, allowing session hijacking.
-
Password recovery utility generates a relatively small number of random passwords, simplifying brute force attacks.
-
Cryptographic key created with a seed based on the system time.
-
Kernel function does not have a good entropy source just after boot.
Parcours de l'attaquant étape par étape
- 1
This code attempts to generate a unique random identifier for a user's session.
- 2
Because the seed for the PRNG is always the user's ID, the session ID will always be the same. An attacker could thus predict any user's session ID and potentially hijack the session.
- 3
This example also exhibits a Small Seed Space (CWE-339).
- 4
The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.
- 5
This code uses the Random.nextInt() function to generate "unique" identifiers for the receipt pages it generates. Because Random.nextInt() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG.
Vulnerable PHP
This code attempts to generate a unique random identifier for a user's session.
function generateSessionID($userID){
srand($userID);
return rand();
}Secure pseudo
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
const safe = validateAndEscape(input);
return executeWithGuards(safe);
}How to prevent CWE-330
- Architecture and Design Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds. In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts. Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
- Implementation Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
- Testing Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.
- Architecture and Design / Requirements Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
- Testing Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
How to detect CWE-330
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Bytecode Weakness Analysis - including disassembler + source code weakness analysis Binary Weakness Analysis - including disassembler + source code weakness analysis
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Man-in-the-middle attack tool
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Focused Manual Spotcheck - Focused manual analysis of source Manual Source Code Review (not inspections)
According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Source code Weakness Analyzer Context-configured Source Code Weakness Analyzer
Plexicus détecte automatiquement CWE-330 et ouvre une PR de correction en moins de 60 secondes.
Codex Remedium analyse chaque commit, identifie cette faiblesse précise et livre une pull request prête à être relue avec le correctif. Pas de tickets. Pas de transferts.
Frequently asked questions
Qu'est-ce que CWE-330 ?
This vulnerability occurs when an application uses random values that are not sufficiently unpredictable in security-sensitive operations, making them easier for attackers to guess or calculate.
Quelle est la gravité de CWE-330 ?
MITRE évalue la probabilité d'exploitation comme Élevée — cette faiblesse est activement exploitée et doit être priorisée pour la remédiation.
Quels langages ou plateformes sont affectés par CWE-330 ?
MITRE lists the following affected platforms: Not Technology-Specific.
Comment puis-je prévenir CWE-330 ?
Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds. In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts. Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a…
Comment Plexicus détecte et corrige CWE-330 ?
Le moteur SAST de Plexicus reconnaît la signature de flux de données de CWE-330 à chaque commit. Lorsqu'une correspondance est trouvée, notre agent Codex Remedium ouvre une PR de correction avec le code corrigé, les tests et un résumé d'une ligne pour le relecteur.
Où puis-je en savoir plus sur CWE-330 ?
MITRE publie la définition canonique à https://cwe.mitre.org/data/definitions/330.html. Vous pouvez également consulter la documentation OWASP et NIST pour des conseils adjacents.
Weaknesses related to CWE-330
Protection Mechanism Failure
This weakness occurs when software either lacks a necessary security control, implements one that is too weak, or fails to activate an…
Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism
This vulnerability occurs when a system uses automated AI or machine learning to classify complex inputs like images, audio, or text, but…
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
A security-critical hardware component contains physical flaws in its semiconductor material, which can cause it to malfunction and…
Incorrect Selection of Fuse Values
This vulnerability occurs when a hardware security fuse is incorrectly programmed to represent a 'secure' state as logic 0 (unblown). An…
Product Released in Non-Release Configuration
This vulnerability occurs when a product ships to customers while still configured with its pre-production or manufacturing settings,…
Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
This vulnerability occurs when hardware lacks safeguards against physical inspection, allowing attackers to extract sensitive data by…
Public Key Re-Use for Signing both Debug and Production Code
This vulnerability occurs when the same cryptographic key is used to sign both development/debug software builds and final production…
Missing Support for Security Features in On-chip Fabrics or Buses
This vulnerability occurs when the communication channels (fabrics or buses) within a chip lack built-in or enabled security features,…
Improper Protection against Electromagnetic Fault Injection (EM-FI)
This vulnerability occurs when a hardware device lacks sufficient shielding against electromagnetic interference, allowing attackers to…
Further reading
- MITRE — CWE-330 officiel https://cwe.mitre.org/data/definitions/330.html
- FIPS PUB 140-2: SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES https://csrc.nist.gov/files/pubs/fips/140-2/upd2/final/docs/fips1402.pdf
- Writing Secure Code https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223
- State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation https://www.ida.org/-/media/feature/publications/s/st/stateoftheart-resources-soar-for-software-vulnerability-detection-test-and-evaluation/p-5061.ashx
Arrêtez de payer par développeur.
Commencez à fermer la boucle.
Plexicus est l'ASPM natif IA qui scanne, filtre, corrige, penteste et explique — de façon autonome. Développeurs illimités, dépôts illimités, actions IA à usage équitable. Vrai niveau gratuit, €269/mo annuel quand vous êtes prêt.