CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Learn about CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)), its security impact, exploitation methods, and prevention guidelines.
What is Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)?
• Overview: This vulnerability occurs when a system uses a pseudo-random number generator (PRNG) that is not designed for cryptographic purposes, in contexts where strong security is needed. Such PRNGs lack the necessary unpredictability and strength, making them unsuitable for secure applications.
• Exploitation Methods:
- Attackers can predict future random numbers generated by the weak PRNG, potentially compromising cryptographic protocols.
- Common attack patterns include guessing cryptographic keys, session tokens, or other security-sensitive data that rely on randomness.
• Security Impact:
- Direct consequences include the compromise of encryption keys, session IDs, and other security tokens.
- Potential cascading effects include unauthorized data access, data breaches, and the undermining of authentication mechanisms.
- Business impact can involve financial loss, reputational damage, and legal liabilities due to compromised security.
• Prevention Guidelines:
- Specific code-level fixes include replacing non-cryptographic PRNGs with cryptographically secure random number generators (CSPRNGs).
- Security best practices include regularly auditing and updating cryptographic components and ensuring that randomness sources are suitable for security purposes.
- Recommended tools and frameworks are those providing CSPRNGs, such as using SecureRandom in Java or os.urandom in Python.
Corgea can automatically detect and fix Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in your codebase. Try Corgea free today.
Technical Details
Likelihood of Exploit:
Affected Languages: Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
function generateSecureToken() {
// Vulnerable: Using Math.random(), which is not cryptographically secure
// This can make tokens predictable and compromise security
const chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
let token = '';
for (let i = 0; i < 16; i++) {
// Math.random() is not suitable for cryptographic purposes
token += chars.charAt(Math.floor(Math.random() * chars.length));
}
return token;
}
// Usage
console.log(generateSecureToken());
How to fix Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)?
The issue with Math.random() is that it's not intended for security purposes. It can produce predictable sequences, making it unsuitable for tasks like generating tokens or keys. Instead, use the crypto module in Node.js or the Web Crypto API in browsers to generate cryptographically secure random numbers.
Fixed Code Example
const crypto = require('crypto');
function generateSecureToken() {
// Fixed: Using crypto.randomBytes for cryptographically secure random generation
// This ensures that the generated tokens are unpredictable and secure
const chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
const tokenLength = 16;
let token = '';
// Generate cryptographically secure random bytes
const randomBytes = crypto.randomBytes(tokenLength);
for (let i = 0; i < tokenLength; i++) {
// Use randomBytes to ensure unpredictability
token += chars.charAt(randomBytes[i] % chars.length);
}
return token;
}
// Usage
console.log(generateSecureToken());
Explanation
-
Vulnerable Code: The vulnerable example uses
Math.random()to generate random numbers. This function is not suitable for security-sensitive operations because it does not produce cryptographically secure random numbers, leading to predictable outputs. -
Fixed Code: The fixed example uses Node.js's
crypto.randomBytes()to generate random bytes. This function provides cryptographically secure randomness, making the generated tokens much more secure and unpredictable. The code then maps these bytes to characters from the specified set, ensuring that each character in the token is selected securely.
By using cryptographically secure methods, the fixed example mitigates the risk of token predictability and enhances the overall security of the token generation process.