Fluid Attacks Database

Description

The system uses insecure functions, insufficient ranges or low-entropy components to generate random numbers. This could allow an attacker to guess the generation sequence after a short time or predict results using probabilistic methods.

Impact

Predict the sequence of random numbers to create new attack vectors.

Recommendation

Use the most secure mechanisms offered by language to generate random numbers.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 15 minutes.

Requirements

223 - Uniform distribution in random numbers 224 - Use secure cryptographic mechanisms 346 - Use initialization vectors once

Rules

Java Use Of Insecure Random Java Weak Random Seed Javascript Predictable Math Random Ruby Use Of Insecure Random Function Scala Random Hardcoded Seed Dart Cryptography Insecure Random Key Generation Kotlin Weak Random Seed Scala Insecure Random Key Generation Scala Secure Random Hardcoded Seed Unsafe C Sharp Insecure Random Key Generation Java Secure Random Hardcoded Seed Unsafe Php Insecure Random Functions Typescript Weak Random Secret Generation Go Insecure Random Key Generation

Fixes

Csharp Dart Go Java JavaScript/TypeScript Php Python Ruby Scala Swift