CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)
Learn about CWE-337 (Predictable Seed in Pseudo-Random Number Generator (PRNG)), its security impact, exploitation methods, and prevention guidelines.
What is Predictable Seed in Pseudo-Random Number Generator (PRNG)?
• Overview: Predictable Seed in Pseudo-Random Number Generator (PRNG) occurs when a PRNG is initialized with a seed that can be easily guessed or predicted, such as using the system time or process ID, making the generated numbers predictable.
• Exploitation Methods:
- Attackers can exploit this vulnerability by determining or guessing the seed value, allowing them to predict future outputs of the PRNG.
- Common attack patterns include timing attacks to determine the seed or reverse-engineering applications to find predictable seed sources.
• Security Impact:
- Direct consequences include attackers being able to predict "random" values, which can compromise cryptographic keys, tokens, or other security mechanisms relying on randomness.
- Potential cascading effects include the undermining of encryption, authentication, and other security protocols.
- Business impact involves compromised data security, potential data breaches, and loss of trust from users and clients.
• Prevention Guidelines:
- Use a cryptographically secure random number generator (CSPRNG) that complies with best practices for seed generation.
- Avoid predictable seed sources like timestamps or process IDs; instead, use seeds derived from secure sources such as hardware-based entropy.
- Recommended tools and frameworks include using security libraries that provide secure PRNG implementations, such as those found in modern cryptographic libraries.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
// Assumes the seedrandom library is loaded (e.g. via a <script> tag), which
// exposes Math.seedrandom and lets it replace Math.random with a seeded PRNG.
function generateToken() {
  // Vulnerable: Using Date.now() as a seed makes the random values predictable;
  // anyone who knows roughly when the token was issued can reproduce the seed.
  const seed = Date.now();
  Math.seedrandom(seed); // reseeds Math.random from the millisecond timestamp
  // Returns a "random" 6-digit token in the range 100000..999999
  return Math.floor(Math.random() * (999999 - 100000 + 1)) + 100000;
}
console.log(generateToken());
Explanation:
- Vulnerability: The use of Date.now() as a seed for random number generation results in predictable output, as the current timestamp can be easily guessed by an attacker. This makes the generated tokens predictable and insecure for purposes such as session tokens or password resets.
How to fix Predictable Seed in Pseudo-Random Number Generator (PRNG)?
In JavaScript, instead of using insecure seeding methods, utilize the crypto module (in Node.js) or the window.crypto API (in browsers) to generate cryptographically secure random numbers. These methods ensure high entropy and unpredictability.
Fixed Code Example
const crypto = require('crypto');
function generateToken() {
  // Fixed: Using crypto module for secure random number generation
  const buffer = crypto.randomBytes(4); // Generates 4 random bytes from the OS CSPRNG
  // Interpret the bytes as an unsigned 32-bit integer and map it into 100000..999999.
  // Note: reducing with % is very slightly biased because 2^32 is not a multiple
  // of 900000; crypto.randomInt(100000, 1000000) (Node 14.10+) avoids that bias.
  const randomValue = buffer.readUInt32BE(0) % 900000 + 100000;
  return randomValue;
}
console.log(generateToken());
Explanation:
- Fix: The crypto.randomBytes method is used to generate a secure random number. By interpreting the bytes as an unsigned integer and adjusting it to fall within the desired range, we ensure that the output is unpredictable and secure.
- Security Principle: Use the crypto API for generating secure random values, as it provides high entropy and is resistant to prediction attacks. This is crucial for applications where security and unpredictability are paramount, such as in generating tokens for authentication or encryption keys.