CVEbaza.plCWE DictionaryCWE-1241
Common Weakness Enumeration

CWE-1241

Use of Predictable Algorithm in Random Number Generator

Category: BaseCVE: 8
Description

The device uses an algorithm that is predictable and generates a pseudo-random number.

CVE vulnerabilities with CWE-1241 (8)
8.1
CVSS
HIGH
CVE-2023-4695

Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

pub. 2023-09-01
7.5
CVSS
HIGH
CVE-2026-26018

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.

pub. 2026-03-06
7.5
CVSS
HIGH
CVE-2021-3689

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

pub. 2021-08-10
7.5
CVSS
HIGH
CVE-2016-10180

An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.

pub. 2017-01-30
6.3
CVSS
MEDIUM
CVE-2026-6420

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographically random value. This allows the attacker to stockpile valid TPM quotes and replay them to evade detection after compromising the system. This issue affects only the push model deployment.

pub. 2026-05-06
5.3
CVSS
MEDIUM
CVE-2025-13079

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data. This makes it possible for unauthenticated attackers to unsubscribe arbitrary subscribers from mailing lists via brute-forcing the unsubscribe token, granted they know the victim's email address

pub. 2026-02-19
5.3
CVSS
MEDIUM
CVE-2021-3692

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

pub. 2021-08-10
4.0
CVSS
MEDIUM
CVE-2025-32056

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on Nissan Leaf ZE1 manufactured in 2020.

pub. 2026-01-22
Information
ID: CWE-1241
Type: Base
Vulnerabilities: 8
MITRE CWE ↗
← CWE Dictionary