CWE-1241 Base Draft

Use of Predictable Algorithm in Random Number Generator

This vulnerability occurs when a device or application relies on a predictable algorithm to generate pseudo-random numbers, making the output sequence foreseeable.

Definition

What is CWE-1241?

This vulnerability occurs when a device or application relies on a predictable algorithm to generate pseudo-random numbers, making the output sequence foreseeable.

Pseudo-random number generators (PRNGs) create numbers using deterministic algorithms, meaning they have a finite internal state that will eventually repeat. This predictability makes them vulnerable to attacks where an adversary can analyze past outputs to deduce future values or uncover the generator's internal state, compromising the security of any system that depends on this randomness. For robust security, especially in encryption, key generation, or session tokens, it's critical to use hardware-based True Random Number Generators (TRNGs). TRNGs derive randomness from unpredictable physical processes like electrical noise, producing outputs that are unbiased, independent, and fundamentally unpredictable, thereby providing a much stronger foundation for security-critical operations.

Real-world impact

Real-world CVEs caused by CWE-1241

CVE-2021-3692

PHP framework uses mt_rand() function (Marsenne Twister) when generating tokens

How attackers exploit it

Step-by-step attacker path

1
Suppose a cryptographic function expects random value to be supplied for the crypto algorithm.
2
During the implementation phase, due to space constraint, a cryptographically secure random-number-generator could not be used, and instead of using a TRNG (True Random Number Generator), a LFSR (Linear Feedback Shift Register) is used to generate a random value. While an LFSR will provide a pseudo-random number, its entropy (measure of randomness) is insufficient for a cryptographic algorithm.
3
The example code is taken from the PRNG inside the buggy OpenPiton SoC of HACK@DAC'21 [REF-1370]. The SoC implements a pseudo-random number generator using a Linear Feedback Shift Register (LFSR).
4
An example of LFSR with the polynomial function P(x) = x 6+x 4+x 3+1 is shown in the figure.
5
A LFSR's input bit is determined by the output of a linear function of two or more of its previous states. Therefore, given a long cycle, a LFSR-based PRNG will enter a repeating cycle, which is predictable.

Vulnerable code example

Vulnerable Verilog

An example of LFSR with the polynomial function P(x) = x 6+x 4+x 3+1 is shown in the figure.

Vulnerable Verilog

**reg in_sr, entropy16_valid;** 

 **reg [15:0] entropy16;** 


 **assign entropy16_o = entropy16;** 

 **assign entropy16_valid_o = entropy16_valid;** 


 **always @ (*)** 

 **begin** 

```
```
in_sr = ^ (poly_i [15:0] & entropy16 [15:0]);** 
  
 **end**

Secure code example

Secure pseudo

// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
  const safe = validateAndEscape(input);
  return executeWithGuards(safe);
}

What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.

Prevention checklist

How to prevent CWE-1241

Architecture and Design A true random number generator should be specified for cryptographic algorithms.
Implementation A true random number generator should be implemented for cryptographic algorithms.

Detection signals

How to detect CWE-1241

SAST High

Run static analysis (SAST) on the codebase looking for the unsafe pattern in the data flow.

DAST Moderate

Run dynamic application security testing against the live endpoint.

Runtime Moderate

Watch runtime logs for unusual exception traces, malformed input, or authorization bypass attempts.

Code review Moderate

Code review: flag any new code that handles input from this surface without using the validated framework helpers.

Plexicus auto-fix

Plexicus auto-detects CWE-1241 and opens a fix PR in under 60 seconds.

Codex Remedium scans every commit, identifies this exact weakness, and ships a reviewer-ready pull request with the patch. No tickets. No hand-offs.

Get a demo Try Plexicus free

Frequently asked questions

What is CWE-1241?

This vulnerability occurs when a device or application relies on a predictable algorithm to generate pseudo-random numbers, making the output sequence foreseeable.

How serious is CWE-1241?

MITRE has not published a likelihood-of-exploit rating for this weakness. Treat it as medium-impact until your threat model proves otherwise.

What languages or platforms are affected by CWE-1241?

MITRE lists the following affected platforms: System on Chip.

How can I prevent CWE-1241?

A true random number generator should be specified for cryptographic algorithms. A true random number generator should be implemented for cryptographic algorithms.

How does Plexicus detect and fix CWE-1241?

Plexicus's SAST engine matches the data-flow signature for CWE-1241 on every commit. When a match is found, our Codex Remedium agent opens a fix PR with the corrected code, tests, and a one-line summary for the reviewer.

Where can I learn more about CWE-1241?

MITRE publishes the canonical definition at https://cwe.mitre.org/data/definitions/1241.html. You can also reference OWASP and NIST documentation for adjacent guidance.

Related weaknesses

Weaknesses related to CWE-1241

CWE-330 Parent

Don't Let Security
Weigh You Down.

Stop choosing between AI velocity and security debt. Plexicus is the only platform that runs Vibe Coding Security and ASPM in parallel — one workflow, every codebase.

Get started free Book a demo

Use of Predictable Algorithm in Random Number Generator

What is CWE-1241?

Real-world CVEs caused by CWE-1241

Step-by-step attacker path

Vulnerable Verilog

Secure pseudo

How to prevent CWE-1241

How to detect CWE-1241

Plexicus auto-detects CWE-1241 and opens a fix PR in under 60 seconds.

Frequently asked questions

Weaknesses related to CWE-1241

Use of Insufficiently Random Values

Generation of Weak Initialization Vector (IV)

Insufficient Entropy

Small Space of Random Values

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Generation of Predictable Numbers or Identifiers

Use of Invariant Value in Dynamically Changing Context

Further reading

Don't Let Security
Weigh You Down.

Use of Predictable Algorithm in Random Number Generator

What is CWE-1241?

Real-world CVEs caused by CWE-1241

Step-by-step attacker path

Vulnerable Verilog

Secure pseudo

How to prevent CWE-1241

How to detect CWE-1241

Plexicus auto-detects CWE-1241 and opens a fix PR in under 60 seconds.

Frequently asked questions

Weaknesses related to CWE-1241

Use of Insufficiently Random Values

Generation of Weak Initialization Vector (IV)

Insufficient Entropy

Small Space of Random Values

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Generation of Predictable Numbers or Identifiers

Use of Invariant Value in Dynamically Changing Context

Further reading

Don't Let SecurityWeigh You Down.

Don't Let Security
Weigh You Down.