Skip to main content
The seed value of a Pseudo Random Number Generator (PRNG) is directly derived from the time, which is highly predictable. Do not use values from this PRNG to derive a secrets, such as passwords or cryptographic keys.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)
OWASP:
- A02:2021 - Cryptographic Failures