Ubiq Blog

Application-Layer Encryption Authentication Compliance Cryptography Data Security Developers DevSecOps Encryption Key Management News Privacy Ransomware Zero Trust

Exploring CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

The OWASP Top Ten list is a preeminent resource for application security. It describes the ten most common and impactful vulnerabilities that affect web applications today. In the latest version of the OWASP Top Ten list, Cryptographic Failures took the number two spot. This vulnerability describes the numerous ways in which cryptographic code could be used in ways that undermine its security. Among these issues is the incorrect usage of cryptographic seeds for a pseudorandom number generator (PRNG), which is tracked as CWE 335. This issue makes it possible for an attacker to derive cryptographic keys and other sensitive values based on knowledge of the seed value.

Read More

Get the latest from Ubiq

Sign up so we can keep you up to date on encryption, security, and technology.

    By clicking "Sign Up" you agree to the processing of your personal data by Ubiq as described in our Privacy Policy. You can unsubscribe at any time by reaching out to support@ubiqsecurity.com.

    Ubiq Achieves SOC 2 Type II Compliance

    Read More

    Exploring CWE-331: Insufficient Entropy

    Read More

    Data at Rest Encryption: A False Sense of Security

    Read More

    Exploring CWE-330 Use of Insufficiently Random Values

    Read More
    Load More