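CWE-332 Insufficient Entropy in PRNG: Vulnerability List (4)

Summary of the 4 CVEs filed under the weakness class CWE-332 Insufficient Entropy in PRNG, with AI-generated analysis in Chinese.

CWE-332 is the weakness of insufficient entropy in a pseudo-random number generator. When a PRNG lacks a sufficiently random seed, the sequence of values it generates can be predicted, and an attacker can use this to infer session tokens or cryptographic keys, leading to session hijacking or data disclosure. Developers should use a cryptographically secure random number generator (CSPRNG), make sure it draws on a high-entropy source from the operating system or hardware, and avoid low-entropy methods based on time or simple algorithms, to preserve system stability and security.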

MITRE CWE official description
CWE: CWE-332 Insufficient Entropy in PRNG
Description (English): The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.
Common consequences (2)
Availability: DoS: Crash, Exit, or Restart
If a pseudo-random number generator is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash.
Access Control, Other: Bypass Protection Mechanism, Other
If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. Potentially a weak source of random numbers could weaken the encryption method used for authentication of users.
Mitigations (3)
Architecture and Design, Requirements: Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
Implementation: Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output, such as hardware devices.
Architecture and Design: When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator that always uses strong random data -- i.e., a random number generator that attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally, something that al…
| CVE ID | Title | CVSS | Risk level | Published |
| CVE-2026-3290 | Silicon Labs RS9116 SDK security vulnerability - RS9116 SDK | - | - | 2026-05-14 |
| CVE-2023-20107 | Cisco Adaptive Security Appliances Software security features vulnerability - Cisco Adaptive Security Appliance (ASA) Software | 7.5 | - | 2023-03-23 |
| CVE-2019-1715 | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software security vulnerability - Cisco Adaptive Security Appliance (ASA) Software | 7.5 | - | 2019-05-03 |
| CVE-2016-9154 | Desigo PX Web Modules security vulnerability - Desigo PX Web modules with all firmware versions < V6.00.046 | 8.2 | - | 2016-12-23 |

CWE-332 (Insufficient Entropy in PRNG) is a common weakness category; this platform lists 4 CVEs associated with this weakness.