Vulnerabilities > Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

DATE CVE VULNERABILITY TITLE RISK
2024-04-15 CVE-2024-31497 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures.
5.9
2024-02-08 CVE-2024-23660 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Binance Trust Wallet 0.0.4
The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023.
network
low complexity
binance CWE-338
7.5
2024-01-16 CVE-2023-45236 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number.
network
low complexity
tianocore CWE-338
7.5
2024-01-16 CVE-2023-45237 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number.
network
low complexity
tianocore CWE-338
7.5
2023-11-15 CVE-2023-48224 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ethyca Fides
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code.
network
low complexity
ethyca CWE-338
critical
9.1
2023-10-19 CVE-2023-27791 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ixpdata Easyinstall 6.6.148840
An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG.
network
high complexity
ixpdata CWE-338
8.1
2023-10-19 CVE-2022-26943 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Motorola Mtm5400 Firmware and Mtm5500 Firmware
The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source.
low complexity
motorola CWE-338
8.8
2023-08-09 CVE-2023-39910 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Libbitcoin Explorer
The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue.
network
low complexity
libbitcoin CWE-338
7.5
2023-07-07 CVE-2023-36993 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Travianz Project Travianz 8.3.3/8.3.4
The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts.
network
low complexity
travianz-project CWE-338
critical
9.8
2023-06-19 CVE-2022-48506 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dominionvoting Democracy Suite
A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios.
low complexity
dominionvoting CWE-338
2.4