CWE-1241 7 CVEs MITRE definition ↗

CWE-1241: Use of Predictable Algorithm in Random Number Generator

Overview

CWE-1241 (Use of Predictable Algorithm in Random Number Generator) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The device uses an algorithm that is predictable and generates a pseudo-random number.

Applicable platforms

Kind Name Class Prevalence OS / CPE
technology System on Chip Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2026-6420 2026-05-06 A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardc…
CVE-2025-13079 2026-02-19 The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to t…
CVE-2025-32056 2026-01-22 The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN t…
CVE-2023-4695 2023-09-01 Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16.
CVE-2021-3692 2021-08-10 yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
CVE-2021-3689 2021-08-10 yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
CVE-2016-10180 2017-01-30 An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.

Content submission

Name
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi
Organization
Intel Corporation
Date
2020-02-10
Version
4.0

Content modifications

Date Name Version Importance Comment
2020-06-25 CWE Content Team 4.1 updated Common_Consequences, Demonstrative_Examples, Modes_of_Introduction
2020-08-20 CWE Content Team 4.2 updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns, Research_Gaps
2021-03-15 CWE Content Team 4.4 updated Maintenance_Notes, Research_Gaps
2021-07-20 CWE Content Team 4.5 updated Maintenance_Notes
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Demonstrative_Examples, Description, Observed_Examples, References
2025-04-03 CWE Content Team 4.17 updated Demonstrative_Examples
2025-12-11 CWE Content Team 4.19 updated Description, Potential_Mitigations, Relationships, Weakness_Ordinalities

Contributions

Type Name Date Comment
Content Chen Chen, Rahul Kande, Jeyavijayan Rajendran 2023-06-21 suggested demonstrative example
Content Shaza Zeitouni, Mohamadreza Rostami, Ahmad-Reza Sadeghi 2023-06-21 suggested demonstrative example
cvelogic Threat Intelligence