Predictable from Observable State
Weakness ID: 341 (Weakness Base) | Status: Draft
Description Summary
A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.
Reference | Description |
---|---|
CVE-2002-0389 | |
CVE-2001-1141 | |
CVE-2000-0335 | DNS resolver library uses predictable IDs, which allows a local attacker to spoof DNS query results. |
CVE-2005-1636 | MFV. Predictable filename and insecure permissions allow file modification to execute SQL queries. |
Increase the entropy used to seed a PRNG.
Phase: Implementation. Perform FIPS 140-2 tests on data to catch obvious entropy problems.
Phase: Implementation. Consider a PRNG that re-seeds itself as needed from a high-quality pseudo-random output, such as hardware devices.
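Added example (not part of the CWE entry): the sketch below contrasts values derived only from observable state (clock second and process ID) with values drawn from the operating system's CSPRNG, for the two cases in the examples table, a 16-bit query ID and a temporary file name. All function names and the sample state are constructed for illustration; using Python's secrets and tempfile modules is one way to apply the mitigations, chosen here as an assumption.

```python
import os
import random
import secrets
import stat
import tempfile

def weak_query_id(now: float, pid: int) -> int:
    """Weak pattern: 16-bit ID from a PRNG seeded with clock and PID only."""
    rng = random.Random((int(now) << 16) ^ pid)  # seed is fully observable
    return rng.randrange(1 << 16)

def strong_query_id() -> int:
    """Corrected form: 16-bit ID drawn from the OS CSPRNG."""
    return secrets.randbelow(1 << 16)

def weak_temp_name(now: float, pid: int) -> str:
    """Weak pattern: file name built from PID and clock second."""
    return os.path.join(tempfile.gettempdir(), f"app-{pid}-{int(now)}.tmp")

def strong_temp_file() -> str:
    """Corrected form: random name, created exclusively, owner-only access."""
    fd, path = tempfile.mkstemp(prefix="app-", suffix=".tmp")
    os.close(fd)
    return path

def depends_only_on_state(gen, now: float, pid: int, runs: int = 5) -> bool:
    """Audit check: same observable state in, same value out on every run."""
    return len({gen(now, pid) for _ in range(runs)}) == 1

def audit() -> dict:
    now, pid = 1_700_000_000.0, 4242  # constructed sample state
    path = strong_temp_file()
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.remove(path)
    return {
        "weak_id_predictable": depends_only_on_state(weak_query_id, now, pid),
        "weak_name_predictable": depends_only_on_state(weak_temp_name, now, pid),
        "strong_ids_distinct": len({strong_query_id() for _ in range(64)}) > 1,
        "strong_file_mode": mode,
    }

if __name__ == "__main__":
    print(audit())
```

The `depends_only_on_state` check can be reused as a regression test against any ID or name generator that accepts its inputs explicitly.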
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Class | 330 | Use of Insufficiently Random Values | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
PeerOf | Weakness Base | 339 | Small Seed Space in PRNG | Research Concepts 1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | | | Predictable from Observable State |
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | PLOVER | | Externally Mined |
Modifications
Modification Date | Modifier | Organization | Source | Change |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy Mappings |
2009-03-10 | CWE Content Team | MITRE | Internal | updated Potential Mitigations |
2009-12-28 | CWE Content Team | MITRE | Internal | updated Potential Mitigations |