# Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338) The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. - Prevalence: High Frequently exploited - Impact: High 2 high-severity rules - Prevention: Documented 4 fix examples **OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2 ## Description When a non-cryptographic PRNG is used in a security context (such as generating session tokens or cryptographic keys), an attacker may be able to predict its output and compromise the security mechanism. ## Prevention Prevention strategies for Weak PRNG based on 4 Shoulder detection rules. ### Key Practices - Use of Math ### Go Use crypto/rand instead of math/rand for security-sensitive values ### Node.js Use crypto.randomBytes() or crypto.randomUUID() for security-sensitive random values ### Python Use the secrets module for tokens, passwords, and all security-sensitive randomness Use the secrets module instead of random for security-sensitive operations ## Warning Signs - [HIGH] math/rand used for security-sensitive random values - [HIGH] Math.random() used for security-sensitive operation: ... - [HIGH] use of Math - [MEDIUM] use of insecure random number generators (random module) for security-critical operations - [MEDIUM] use of the random module for security-sensitive operations like tokens, passwords, or cryptographic ## Consequences - Bypass Protection Mechanism - Gain Privileges ## Mitigations - Use cryptographically secure random number generators (CSPRNGs) - In JavaScript, use crypto.getRandomValues() or crypto.randomUUID() - In Python, use secrets module instead of random ## Detection - Total rules: 4 - Languages: go, javascript, typescript, python ## Rules by Language ### Python (2 rules) - **Insecure Random Number Generation** [MEDIUM]: Detects use of insecure random number generators (random module) for security-critical operations. Use secrets module or os.urandom() for cryptographic randomness (tokens, passwords, keys, nonces). - Remediation: Use the secrets module for tokens, passwords, and security-sensitive operations. ```python import secrets # Generate secure token token = secrets.token_urlsafe(32) # Generate secure hex token reset_token = secrets.token_hex(32) # Generate secure bytes for keys/salt key = secrets.token_bytes(32) ``` Learn more: https://shoulder.dev/learn/python/cwe-338/insecure-randomness - **Cryptographically Weak Random Number Generation** [MEDIUM]: Detects use of the random module for security-sensitive operations like tokens, passwords, or cryptographic keys. The random module is not cryptographically secure. Use the secrets module instead. - Remediation: Use the secrets module instead of random for security-sensitive operations. ```python import secrets token = secrets.token_hex(32) api_key = secrets.token_urlsafe(32) # For passwords: import string alphabet = string.ascii_letters + string.digits password = ''.join(secrets.choice(alphabet) for _ in range(12)) ``` Learn more: https://shoulder.dev/learn/python/cwe-338/weak-random ### Go (1 rules) - **Weak Random Number Generation for Security** [HIGH]: Uses math/rand for security tokens, keys, or session IDs instead of crypto/rand. - Remediation: Use crypto/rand for all security-sensitive random values. ```go import "crypto/rand" token := make([]byte, 32) if _, err := rand.Read(token); err != nil { return err } ``` Learn more: https://shoulder.dev/learn/go/cwe-338/weak-random ### Javascript (1 rules) - **Weak Random Number Generation in Security Context** [HIGH]: Detects use of Math.random() for security-sensitive operations like generating tokens, session IDs, or cryptographic keys. Math.random() is not cryptographically secure and can be predicted by attackers. - Remediation: Replace Math.random() with cryptographically secure alternatives. ### Typescript (1 rules) - **Weak Random Number Generation in Security Context** [HIGH]: Detects use of Math.random() for security-sensitive operations like generating tokens, session IDs, or cryptographic keys. Math.random() is not cryptographically secure and can be predicted by attackers. - Remediation: Replace Math.random() with cryptographically secure alternatives.