CWE-330: Use of Insufficiently Random Values
Learn about CWE-330 (Use of Insufficiently Random Values), its security impact, exploitation methods, and prevention guidelines.
What is Use of Insufficiently Random Values?
• Overview: Use of Insufficiently Random Values occurs when software generates predictable numbers in situations where unpredictability is crucial, such as in security contexts. This can lead to vulnerabilities because attackers can potentially guess these values.
• Exploitation Methods:
- Attackers can exploit this vulnerability by predicting future values from a random number generator to impersonate users or gain unauthorized access.
- Common attack patterns include brute-forcing predictable tokens or session IDs, and using known seed values to recreate random sequences.
• Security Impact:
- Direct consequences include unauthorized access, data breaches, and impersonation.
- Potential cascading effects involve further exploitation of compromised systems, leading to broader network access or data leakage.
- Business impact can be severe, resulting in loss of customer trust, financial damage, and regulatory penalties.
• Prevention Guidelines:
- Use cryptographically secure random number generators for security-critical applications.
- Follow security best practices such as regularly updating libraries and frameworks to utilize the latest security features.
- Recommended tools and frameworks include those that provide cryptographic functions, such as OpenSSL or the security modules in modern programming languages.
Corgea can automatically detect and fix Use of Insufficiently Random Values in your codebase. Try Corgea free today.
Technical Details
Likelihood of Exploit:
Affected Languages: Not Language-Specific
Affected Technologies: Not Technology-Specific
Computers are deterministic machines, and as such are unable to produce true randomness. Pseudo-Random Number Generators (PRNGs) approximate randomness algorithmically, starting with a seed from which subsequent values are calculated. There are two types of PRNGs: statistical and cryptographic. Statistical PRNGs provide useful statistical properties, but their output is highly predictable and forms an easy to reproduce numeric stream that is unsuitable for use in cases where security depends on generated values being unpredictable. Cryptographic PRNGs address this problem by generating output that is more difficult to predict. For a value to be cryptographically secure, it must be impossible or highly improbable for an attacker to distinguish between it and a truly random value.
Vulnerable Code Example
function generateSessionToken() {
// Vulnerable code: using Math.random() which is not cryptographically secure
return Array(16).fill(null).map(() => Math.random().toString(36).charAt(2)).join('');
}
const token = generateSessionToken();
console.log(`Generated session token: \${token}`);
In this JavaScript example, the generateSessionToken function uses Math.random(), which is not suitable for cryptographic purposes. This function generates pseudo-random numbers that are predictable and can be exploited, making it insecure for generating session tokens.
How to fix Use of Insufficiently Random Values?
To fix this issue, we should use a cryptographically secure random number generator. In JavaScript, the crypto module provides a crypto.getRandomValues() method that can be used to generate secure random values. This method should replace Math.random() for generating secure tokens.
Fixed Code Example
function generateSessionToken() {
const array = new Uint8Array(16);
// Fixed code: using crypto.getRandomValues for cryptographic security
window.crypto.getRandomValues(array);
// Convert each byte to a base-36 character
return Array.from(array, byte => (byte % 36).toString(36)).join('');
}
const token = generateSessionToken();
console.log(`Generated session token: \${token}`);
In the fixed version, we use window.crypto.getRandomValues() to fill a Uint8Array with cryptographically secure random values. These values are then converted into a base-36 string to form the session token. This approach ensures the token is secure and unpredictable, making it suitable for security-sensitive contexts such as session management.