Cyber Resilience

CWE · MITRE source

CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Abstraction: Base · CVEs in our corpus: 194

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

When a non-cryptographic PRNG is used in a cryptographic context, it exposes the cryptography to attacks that the algorithm itself would otherwise resist. Most general-purpose pseudo-random number generators were never designed for cryptography: a mediocre source of randomness is sufficient, or even preferable, for simulations, shuffling and other algorithms that merely need well-distributed numbers. Such generators take less processing power and do not draw on the finite entropy sources of the system. The properties that make them attractive, a small seed, a fully deterministic internal state and output that is a simple function of that state, are exactly what lets an attacker recover the state from a run of observed outputs and predict every later value. Session identifiers, password-reset tokens, nonces, IVs and key material derived from such a generator are then predictable, regardless of how strong the surrounding cipher or protocol is.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 7 mapping(s) from 6 framework(s): ASVS 5.0 2 (full) · OWASP-Web 1 (full) · STIG oracle linux 8 1 (mostly) · STIG ubuntu 22 04 1 (mostly) · STIG rhel 8 1 (partial) · ATT&CK 1 (partial)


OWASP Top 10 for Web (2025)

This weakness contributes to A04:2025 Cryptographic Failures.

NIST 800-53 r5 controls that address this weakness (2; AI-drafted mapping)

Control | Title | Family | Why it addresses this CWE
AT-5 | Contacts with Security Groups and Associations | AT | Security associations share details on cryptographically weak PRNGs, helping avoid their implementation in security-critical functions.
SC-12 | Cryptographic Key Establishment and Management | SC | Cryptographic key management standards require cryptographically strong PRNGs for key material, blocking use of weak generators.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE | Risk | CVSS | EPSS | Published
CVE-2008-0166 | 8.0 | 7.5 | 0.7072 | 2008-05-13
CVE-2009-2367 | 7.0 | 9.8 | 0.2319 | 2009-07-08
CVE-2017-18021 | 7.0 | 9.8 | 0.0236 | 2018-01-05
CVE-2018-16115 | 7.0 | 9.1 | 0.0119 | 2018-08-29
CVE-2019-16303 | 7.0 | 9.8 | 0.0367 | 2019-09-14
CVE-2015-9435 | 7.0 | 9.8 | 0.0206 | 2019-09-26
CVE-2020-28642 | 7.0 | 9.8 | 0.0253 | 2020-11-16
CVE-2019-14480 | 7.0 | 9.8 | 0.0112 | 2020-12-16
CVE-2021-3538 | 7.0 | 9.8 | 0.0231 | 2021-06-02
CVE-2011-4574 | 7.0 | 9.8 | 0.0105 | 2021-10-27
CVE-2022-36045 | 7.0 | 9.0 | 0.0105 | 2022-08-31
CVE-2022-44796 | 7.0 | 9.8 | 0.0067 | 2022-11-07
CVE-2022-35255 | 7.0 | 9.1 | 0.0187 | 2022-12-05
CVE-2023-2884 | 7.0 | 9.8 | 0.0069 | 2023-05-25
CVE-2023-36993 | 7.0 | 9.8 | 0.0080 | 2023-07-07
CVE-2024-29868 | 7.0 | 9.1 | 0.0600 | 2024-06-24
CVE-2024-40762 | 7.0 | 9.8 | 0.0100 | 2025-01-09
CVE-2025-32754 | 7.0 | 9.1 | 0.0045 | 2025-04-10
CVE-2025-32755 | 7.0 | 9.1 | 0.0045 | 2025-04-10
CVE-2025-3495 | 7.0 | 9.8 | 0.0062 | 2025-04-16
CVE-2025-40916 (UPD) | 7.0 | 9.1 | 0.0033 | 2025-06-16
CVE-2025-7394 (UPD) | 7.0 | 9.8 | 0.0039 | 2025-07-18
CVE-2025-40925 | 7.0 | 9.1 | 0.0034 | 2025-09-20
CVE-2024-58040 | 7.0 | 9.1 | 0.0022 | 2025-09-30
CVE-2025-59390 | 7.0 | 9.8 | 0.0060 | 2025-11-26