CWE-342 从先前值可预测准确值
Predictable Exact Value from Previous Values
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: unkown
基本描述
An exact value or random number can be precisely predicted by observing previous values.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 330 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 330 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Other | Varies by Context |
可能的缓解方案
策略:
Increase the entropy used to seed a PRNG.
MIT-2 ['Architecture and Design', 'Requirements']
策略: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
MIT-50 Implementation
策略:
Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2002-1463 | Firewall generates easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1463 |
| CVE-1999-0074 | Listening TCP ports are sequentially allocated, allowing spoofing attacks. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0074 |
| CVE-1999-0077 | Predictable TCP sequence numbers allow spoofing. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0077 |
| CVE-2000-0335 | DNS resolver uses predictable IDs, allowing a local user to spoof DNS query results. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0335 |
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | Predictable Exact Value from Previous Values |