CWE-338: CWE-338
All CWE-338 CVEs (44)
CVE-2026-2439 is a session ID generation vulnerability in Concierge::Sessions for Perl that allows attackers to guess session identifiers and gain una...
Feb 16, 2026

This vulnerability in FreshRSS allows attackers to predict authentication tokens due to weak random number generation, enabling account takeover throu...
Dec 27, 2025

Apache Druid's Kerberos authenticator uses a weak random fallback secret when cookieSignatureSecret isn't explicitly configured, allowing attackers to...
Nov 26, 2025

Delta Electronics COMMGR v1 and v2 use predictable session IDs due to insufficient randomization (CWE-338), allowing attackers to brute force authenti...
Apr 16, 2025

This vulnerability in SonicOS SSLVPN uses a weak random number generator for authentication tokens, allowing attackers to predict tokens and bypass au...
Jan 9, 2025

CVE-2023-36993 is a critical vulnerability in TravianZ game servers where the password reset function uses a cryptographically insecure random number ...
Jul 7, 2023

CVE-2011-4574 is a critical vulnerability in PolarSSL's HAVEGE random number generator that produces weak cryptographic keys when virtualized environm...
Oct 27, 2021

This vulnerability in the satori/go.uuid library allows attackers to predict generated UUIDs due to insecure randomness. This affects any application ...
Jun 2, 2021

CVE-2020-28642 is a critical vulnerability in InfiniteWP Admin Panel that allows remote attackers to take over administrator accounts by exploiting we...
Nov 16, 2020

Fiber web framework versions before 2.52.11 on Go versions prior to 1.24 may generate predictable UUIDs when crypto/rand fails to obtain secure random...
Feb 9, 2026

Smolder versions through 1.51 for Perl use the non-cryptographically secure rand() function for cryptographic operations, making generated values pred...
Feb 24, 2026

This vulnerability in Starch versions 0.14 and earlier allows attackers to predict session IDs due to insecure generation using weak entropy sources l...
Sep 20, 2025

CVE-2025-40916 is a cryptographic weakness in Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl, where the captcha generation uses the insecure ra...
Jun 16, 2025

This vulnerability allows network-based attackers to impersonate Jenkins SSH build agents by exploiting identical SSH host keys across all containers ...
Apr 10, 2025

This vulnerability in langgenius/dify v0.10.1 allows attackers to predict password reset codes due to a weak pseudo-random number generator (PRNG). At...
Mar 20, 2025

Motorola MTM5000 series TETRA radios use weak random number generation for authentication challenges, allowing attackers to predict or brute-force aut...
Oct 19, 2023

This vulnerability in dotCMS allows attackers to predict password reset tokens due to cryptographically insecure random generation. Attackers can use ...
Feb 1, 2023

This vulnerability in Zulip Server allows remote attackers to brute-force RabbitMQ's weak authentication cookie (only ~20 bits of entropy) to gain cod...
Jan 25, 2022

CVE-2023-28395 is a session token vulnerability in Osprey Pump Controller version 1.01 that allows attackers to predict session IDs and bypass authent...
Mar 28, 2023

This vulnerability in the Fides privacy platform allows attackers to predict one-time verification codes due to weak random number generation. Attacke...
Nov 15, 2023

This vulnerability in IXP Data Easy Install 6.6.148840 allows remote attackers to escalate privileges due to insecure pseudo-random number generation ...
Oct 19, 2023

CVE-2023-24828 is a cryptographic weakness in OneDev's access token and password reset key generation algorithm that allows normal users to predict or...
Feb 8, 2023

This vulnerability in coturn TURN/STUN server allows attackers to predict random nonces and port assignments due to a weak random number generator. At...
Dec 30, 2025

This vulnerability allows unauthenticated attackers to infer parts of user authentication tokens due to a weak random number generator in FortiMail's ...
Mar 24, 2025

CVE-2018-25107 is a cryptographic vulnerability in Perl's Crypt::Random::Source package where it falls back to the insecure built-in rand() function w...
Dec 29, 2024

The Migration, Backup, Staging WordPress plugin before version 0.9.106 uses insufficient randomness when generating backup filenames, allowing attacke...
Oct 2, 2024

This vulnerability allows attackers to recover private keys from cryptocurrency wallets generated using Libbitcoin Explorer's 'bx seed' command due to...
Aug 9, 2023

This vulnerability in the Download Manager WordPress plugin allows attackers to brute-force download access keys, bypassing role-based restrictions an...
Apr 11, 2022

Apache CloudStack prior to 4.16.1.0 uses insecure random number generation for project invitation tokens, allowing attackers with knowledge of project...
Mar 15, 2022

This vulnerability in NetBSD's IPv6 implementation uses a weak cryptographic pseudo-random number generator (PRNG) for fragment ID generation, allowin...
Dec 25, 2021

This vulnerability in NetBSD's IPv6 implementation uses a weak cryptographic pseudo-random number generator (PRNG) for generating Flow Labels, making ...
Dec 25, 2021

This vulnerability in JetBrains YouTrack uses an insecure pseudo-random number generator (PRNG) that could allow attackers to predict generated values...
Aug 6, 2021

WWW::OAuth 1.000 and earlier for Perl uses non-cryptographically secure random number generation (rand()) for cryptographic operations, potentially al...
Feb 13, 2026

This vulnerability allows attackers to predict session IDs in Plack-Middleware-Session for Perl, potentially enabling session hijacking and unauthoriz...
Jul 16, 2025

This vulnerability in Authen::SASL::Perl::DIGEST_MD5 generates client nonces (cnonce) with insufficient entropy, using predictable values like PID, ep...
Jul 16, 2025

CVE-2024-45751 is a cryptographic weakness in tgt (Linux target framework) where predictable random number generation allows attackers to guess authen...
Sep 6, 2024

CVE-2024-5264 allows administrators with console access to Thales Luna EFT to potentially access backup files through offline analysis, bypassing inte...
May 23, 2024

CVE-2024-4772 is a vulnerability in Firefox where HTTP digest authentication nonce values were generated using the predictable rand() function instead...
May 14, 2024

This vulnerability affects Amon2::Auth::Site::LINE authentication modules that use String::Random for nonce generation. The String::Random module defa...
Apr 5, 2025

Mojolicious applications created with 'mojo generate app' from version 7.28 use weak HMAC session cookie secrets generated via Perl's insecure rand() ...
May 3, 2025

CVE-2025-1805 is a cryptographic vulnerability in Crypt::Salt for Perl version 0.01 where the insecure rand() function is used to generate salts for c...
Apr 2, 2025

This vulnerability in Net::OAuth::Client for Perl uses a weak random number generator (rand()) for nonce generation, making OAuth authentication predi...
Jan 3, 2025

This vulnerability in SonicWall SMA100 SSLVPN devices uses a weak random number generator for backup codes, allowing attackers to potentially predict ...
Dec 5, 2024

This vulnerability involves the use of a weak pseudo-random number generator in PowerG systems, which could allow attackers to decrypt or inject encry...
Dec 22, 2025

About CWE-338 (CWE-338)
Our database tracks 44 CVEs classified as CWE-338, with 14 rated critical and 20 rated high severity. The average CVSS score for CWE-338 vulnerabilities is 8.0.