CWE · MITRE source
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks. Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.
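As an added example (not part of the CWE entry), the weakness described above in code: a session-token generator built on Python's non-cryptographic `random` module beside one built on the OS CSPRNG via `secrets`, plus an audit check showing that the weak token is fully determined by its seed. Function names, the seed window and the timestamp value are constructed for illustration.

```python
# Added illustration of CWE-338, not code from the CWE entry. All names and the
# sample seed are constructed for this example.
import hmac
import random
import secrets

TOKEN_BYTES = 16


def weak_token(seed: int) -> str:
    """Token from Python's Mersenne Twister `random`, seeded the way naive code
    often does (e.g. from the clock). The stream is fully defined by the seed."""
    rng = random.Random(seed)  # deterministic, non-cryptographic generator
    return rng.getrandbits(TOKEN_BYTES * 8).to_bytes(TOKEN_BYTES, "big").hex()


def strong_token() -> str:
    """Token from the OS CSPRNG via `secrets` (the fix for CWE-338)."""
    return secrets.token_hex(TOKEN_BYTES)


def predictable_from_seed(token: str, candidate_seeds) -> bool:
    """Audit check: does the token collapse to a small seed space?
    Returns True if any candidate seed reproduces it exactly."""
    return any(hmac.compare_digest(weak_token(s), token) for s in candidate_seeds)


if __name__ == "__main__":
    # Constructed scenario: a token seeded from a coarse timestamp value.
    issued_at = 1_700_000_000
    window = range(issued_at - 60, issued_at + 60)
    t = weak_token(issued_at)
    # A code reviewer can show the weak token is recoverable from a small window
    # of plausible seeds, which is the failure mode CWE-338 describes.
    print("weak token predictable:  ", predictable_from_seed(t, window))
    print("strong token predictable:", predictable_from_seed(strong_token(), window))
```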
Last updated: 04 July 2026 08:17 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: full · 7 mapping(s) from 6 framework(s): ASVS 5.0 2 (full) · OWASP-Web 1 (full) · STIG oracle linux 8 1 (mostly) · STIG ubuntu 22 04 1 (mostly) · STIG rhel 8 1 (partial) · ATT&CK 1 (partial)
OWASP Top 10 for Web (2025)
This weakness contributes to A04:2025 Cryptographic Failures.
NIST 800-53 r5 controls that address this weakness (2) [AI]
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| AT-5 | Contacts with Security Groups and Associations | AT | Security associations share details on cryptographically weak PRNGs, helping avoid their implementation in security-critical functions. |
| SC-12 | Cryptographic Key Establishment and Management | SC | Cryptographic key management standards require cryptographically strong PRNGs for key material, blocking use of weak generators. |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this; → this covers other (F/M/P = full / mostly / partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2008-0166 | 8.0 | 7.5 | 0.7072 | 2008-05-13 |
| CVE-2009-2367 | 7.0 | 9.8 | 0.2319 | 2009-07-08 |
| CVE-2017-18021 | 7.0 | 9.8 | 0.0236 | 2018-01-05 |
| CVE-2018-16115 | 7.0 | 9.1 | 0.0119 | 2018-08-29 |
| CVE-2019-16303 | 7.0 | 9.8 | 0.0367 | 2019-09-14 |
| CVE-2015-9435 | 7.0 | 9.8 | 0.0206 | 2019-09-26 |
| CVE-2020-28642 | 7.0 | 9.8 | 0.0253 | 2020-11-16 |
| CVE-2019-14480 | 7.0 | 9.8 | 0.0112 | 2020-12-16 |
| CVE-2021-3538 | 7.0 | 9.8 | 0.0231 | 2021-06-02 |
| CVE-2011-4574 | 7.0 | 9.8 | 0.0105 | 2021-10-27 |
| CVE-2022-36045 | 7.0 | 9.0 | 0.0105 | 2022-08-31 |
| CVE-2022-44796 | 7.0 | 9.8 | 0.0067 | 2022-11-07 |
| CVE-2022-35255 | 7.0 | 9.1 | 0.0187 | 2022-12-05 |
| CVE-2023-2884 | 7.0 | 9.8 | 0.0069 | 2023-05-25 |
| CVE-2023-36993 | 7.0 | 9.8 | 0.0080 | 2023-07-07 |
| CVE-2024-29868 | 7.0 | 9.1 | 0.0600 | 2024-06-24 |
| CVE-2024-40762 | 7.0 | 9.8 | 0.0100 | 2025-01-09 |
| CVE-2025-32754 | 7.0 | 9.1 | 0.0045 | 2025-04-10 |
| CVE-2025-32755 | 7.0 | 9.1 | 0.0045 | 2025-04-10 |
| CVE-2025-3495 | 7.0 | 9.8 | 0.0062 | 2025-04-16 |
| CVE-2025-40916 (updated) | 7.0 | 9.1 | 0.0033 | 2025-06-16 |
| CVE-2025-7394 (updated) | 7.0 | 9.8 | 0.0039 | 2025-07-18 |
| CVE-2025-40925 | 7.0 | 9.1 | 0.0034 | 2025-09-20 |
| CVE-2024-58040 | 7.0 | 9.1 | 0.0022 | 2025-09-30 |
| CVE-2025-59390 | 7.0 | 9.8 | 0.0060 | 2025-11-26 |