CWE-331 Base Brouillon

Insufficient Entropy

This vulnerability occurs when a system's random number generator or algorithm lacks sufficient unpredictability, creating patterns or predictable outputs that are easier for attackers to guess.

Définition

What is CWE-331?

This vulnerability occurs when a system's random number generator or algorithm lacks sufficient unpredictability, creating patterns or predictable outputs that are easier for attackers to guess.

Insufficient entropy means your random values aren't random enough. This often stems from using weak algorithms (like `rand()`), seeding generators with predictable values (like the current time), or drawing from a source with limited possible outcomes. Attackers can exploit these patterns to predict security-critical values like session tokens, cryptographic keys, or password reset codes, effectively bypassing protections that rely on randomness. To prevent this, developers should use cryptographically secure pseudorandom number generators (CSPRNGs) provided by the operating system or language's security libraries. Always ensure your entropy source is robust and unpredictable, especially for initialization vectors, nonces, and key generation. For high-stakes systems, consider using hardware random number generators or dedicated security services to guarantee the quality of your randomness.

Impact réel

Real-world CVEs caused by CWE-331

CVE-2001-0950

Insufficiently random data used to generate session tokens using C rand(). Also, for certificate/key generation, uses a source that does not block when entropy is low.
CVE-2008-2108

Chain: insufficient precision (CWE-1339) in random-number generator causes some zero bits to be reliably generated, reducing the amount of entropy (CWE-331)

Comment les attaquants l'exploitent

Parcours de l'attaquant étape par étape

1
This code generates a unique random identifier for a user's session.
2
Because the seed for the PRNG is always the user's ID, the session ID will always be the same. An attacker could thus predict any user's session ID and potentially hijack the session.
3
This example also exhibits a Small Seed Space (CWE-339).
4
The following code uses a statistical PRNG to create a URL for a receipt that remains active for some period of time after a purchase.
5
This code uses the Random.nextInt() function to generate "unique" identifiers for the receipt pages it generates. Because Random.nextInt() is a statistical PRNG, it is easy for an attacker to guess the strings it generates. Although the underlying design of the receipt system is also faulty, it would be more secure if it used a random number generator that did not produce predictable receipt identifiers, such as a cryptographic PRNG.

Exemple de code vulnérable

Vulnerable PHP

This code generates a unique random identifier for a user's session.

Vulnérable PHP

function generateSessionID($userID){
  	srand($userID);
  	return rand();
  }

Exemple de code sécurisé

Secure pseudo

Sécurisé pseudo

// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
  const safe = validateAndEscape(input);
  return executeWithGuards(safe);
}

What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.

Liste de contrôle de prévention

How to prevent CWE-331

Implementation Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds.

Signaux de détection

How to detect CWE-331

SAST High

Exécuter une analyse statique (SAST) sur le code source à la recherche du motif non sécurisé dans le flux de données.

DAST Moderate

Exécuter des tests de sécurité applicative dynamique (DAST) contre le point de terminaison en ligne.

Runtime Moderate

Surveiller les journaux runtime pour détecter des traces d'exception inhabituelles, des entrées malformées ou des tentatives de contournement d'autorisation.

Code review Moderate

Revue de code : signaler tout nouveau code qui traite les entrées de cette surface sans utiliser les helpers du framework validés.

Correction automatique Plexicus

Plexicus détecte automatiquement CWE-331 et ouvre une PR de correction en moins de 60 secondes.

Codex Remedium analyse chaque commit, identifie cette faiblesse précise et livre une pull request prête à être relue avec le correctif. Pas de tickets. Pas de transferts.

Obtenir une démo Essayer Plexicus gratuitement

Questions fréquentes

Frequently asked questions

Qu'est-ce que CWE-331 ?

This vulnerability occurs when a system's random number generator or algorithm lacks sufficient unpredictability, creating patterns or predictable outputs that are easier for attackers to guess.

Quelle est la gravité de CWE-331 ?

MITRE n'a pas publié de note de probabilité d'exploitation pour cette faiblesse. Traitez-la comme un impact moyen jusqu'à ce que votre modèle de menace prouve le contraire.

Quels langages ou plateformes sont affectés par CWE-331 ?

MITRE n'a pas spécifié les plateformes affectées pour ce CWE — il peut s'appliquer à la plupart des stacks applicatives.

Comment puis-je prévenir CWE-331 ?

Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds.

Comment Plexicus détecte et corrige CWE-331 ?

Le moteur SAST de Plexicus reconnaît la signature de flux de données de CWE-331 à chaque commit. Lorsqu'une correspondance est trouvée, notre agent Codex Remedium ouvre une PR de correction avec le code corrigé, les tests et un résumé d'une ligne pour le relecteur.

Où puis-je en savoir plus sur CWE-331 ?

MITRE publie la définition canonique à https://cwe.mitre.org/data/definitions/331.html. Vous pouvez également consulter la documentation OWASP et NIST pour des conseils adjacents.

Faiblesses associées

Weaknesses related to CWE-331

CWE-330 Parent

Use of Insufficiently Random Values

This vulnerability occurs when an application uses random values that are not sufficiently unpredictable in security-sensitive operations,…

CWE-1204 Frère

Generation of Weak Initialization Vector (IV)

This vulnerability occurs when software uses a weak or predictable Initialization Vector (IV) for cryptographic operations. Many…

CWE-1241 Frère

Use of Predictable Algorithm in Random Number Generator

This vulnerability occurs when a device or application relies on a predictable algorithm to generate pseudo-random numbers, making the…

CWE-334 Frère

Small Space of Random Values

This vulnerability occurs when a system uses a random number generator that produces too few possible values. Attackers can easily predict…

CWE-335 Frère

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

This vulnerability occurs when a Pseudo-Random Number Generator (PRNG) is used, but its initial seed value is not handled securely or…

CWE-338 Frère

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

This vulnerability occurs when software uses a pseudo-random number generator (PRNG) that is not cryptographically strong for…

CWE-340 Frère

Generation of Predictable Numbers or Identifiers

This vulnerability occurs when a system creates numbers or identifiers that are too easy to guess, undermining security mechanisms that…

CWE-344 Frère

Use of Invariant Value in Dynamically Changing Context

This vulnerability occurs when code uses a fixed, unchanging value (like a hardcoded string, number, or reference) in a situation where…

CWE-332 Enfant