PRNG Seed Reuse
Pseudo-Random Number Generator (PRNG) Seed Reuse
Overview of the Vulnerability
A Pseudo-Random Number Generator (PRNG) uses an initial seed value to generate random number through a complex algorithm. When this seed value is known, it is possible to determine the random numbers produce by the PRNG. An attacker with access to the seed value can predict or guess the random numbers which can lead to unauthorized access if that seed value is used for authorization and authentication.
Business Impact
This vulnerability can lead to reputational damage of the company through the impact to customers’ trust, and the ability of an attacker to view data. The severity of the impact to the business is dependent on the sensitivity of the accessible data being transmitted by the application.
Steps to Reproduce
Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP
Setup {{software}} to intercept and log requests
Use a browser to navigate to: {{URL}}
{{action}} to view unencrypted requests
Proof of Concept (PoC)
The screenshot below demonstrates the PRNG seed reuse:
{{screenshot}}
Guidance
Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards. Please include specific details on where you identified insufficient entropy, how you identified it, and what actions you were able to perform as a result.
Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept (PoC).
Recommendation(s)
Implement robust entropy for the cryptographic algorithms and ensure that the algorithms, protocols, and keys in place are kept up to date. It is also best practice to not use the same seed value for multiple invocations of PRNG initialization.
For more information, refer to the following resource:
Last updated