09 Mar, 2023

Insecure randomness generation

Vulnerability Assessment as a Service (VAaaS)

Tests systems and applications for vulnerabilities to address weaknesses.

Insecure randomness generation is a vulnerability that occurs when software systems generate unpredictable data or numbers in an unreliable or predictable way, making it easier for attackers to predict and exploit security weaknesses. This vulnerability is significant for web security, Android, and iOS security because it can be used to bypass authentication mechanisms, access sensitive data, or take control of the affected system.

Randomness is an essential element in cryptographic systems that protect sensitive data by generating unique keys and codes. Insecure randomness generation can lead to weak or predictable encryption keys, making it easier for attackers to decrypt sensitive information. For example, if a web application uses a predictable pattern to generate session IDs, an attacker can easily guess the next valid session ID and hijack the user’s session.

Insecure randomness generation can be a severe risk for organizations as it can lead to data breaches, loss of confidential information, and reputational damage. Attackers can use this vulnerability to carry out various attacks, such as session hijacking, cross-site request forgery, and privilege escalation. Organizations must take this vulnerability seriously and prioritize measures to mitigate its risk.

Overall, insecure randomness generation is a high-risk vulnerability that organizations must address to protect their systems and data. Proper implementation of cryptographic algorithms, random number generation techniques, and regular vulnerability assessments can help reduce the risk of this vulnerability being exploited by attackers.

Examples of vulnerable code on different programming languages

Python:

This Python code uses the random module to generate a random number between 0 and 100. However, the randint function in this module is not suitable for cryptographic purposes because it generates predictable random numbers. This can lead to vulnerabilities in cryptographic systems that rely on unpredictable random numbers.

				
					import random

def insecure_random():
    return random.randint(0, 100)

print(insecure_random())

				
			

JavaScript:

This JavaScript code uses the Math.random() function to generate a random number. However, the Math.random() function generates pseudo-random numbers that are not suitable for cryptographic purposes. This can lead to vulnerabilities in web applications that use random numbers for security purposes, such as session tokens or password reset tokens.

				
					function insecure_random() {
  return Math.random();
}

console.log(insecure_random());

				
			

HTML:

This HTML code includes a JavaScript function called insecure_random() that generates a random number between 1 and 10. However, the Math.random() function used in this code is not suitable for cryptographic purposes, as mentioned above. This can lead to vulnerabilities in web applications that use random numbers for security purposes, such as CSRF tokens or CAPTCHAs.

				
					<!DOCTYPE html>
<html>
<head>
  <title>Insecure Randomness Generation</title>
  <script>
    function insecure_random() {
      return Math.floor(Math.random() * 10) + 1;
    }
  </script>
</head>
<body data-rsssl=1>
  <h1>Insecure Randomness Generation</h1>
  <p>Your lucky number is: <span id="lucky-number"></span></p>
  <button onclick="document.getElementById('lucky-number').innerHTML = insecure_random()">Get Lucky Number</button>
</body>
</html>

				
			

Insecure randomness generation types in cybersecurity

Insufficient Entropy: Insufficient entropy occurs when a random number generator does not have enough randomness to generate unique numbers. This can happen when the seed value is too predictable or the algorithm used to generate random numbers is not truly random.

Predictable Seed Values: A predictable seed value can lead to predictable outputs from a random number generator, making it easier for attackers to predict future values. For example, if a random number generator uses the current timestamp as the seed value, an attacker can easily guess the seed value and predict future values.

Pseudo-random Number Generators: Pseudo-random number generators use deterministic algorithms to generate seemingly random numbers. However, these generators are not truly random and can be predictable if the algorithm and seed value are known to an attacker.

Non-cryptographic Randomness: Non-cryptographic randomness sources, such as user input or system clock values, may not be suitable for cryptographic purposes as they can be predictable or biased.

Weak Cryptographic Algorithms: Weak cryptographic algorithms can lead to predictable outputs, making it easier for attackers to guess future values. For example, the RC4 algorithm used in SSL/TLS encryption is vulnerable to attacks due to weak key scheduling.

Insufficient Key Length: Insufficient key length can make cryptographic algorithms vulnerable to brute-force attacks, making it easier for attackers to guess the encryption key and access sensitive data.

Ways of provoking Insecure randomness generation

General Ways:

  1. Insufficient Entropy: Insufficient entropy occurs when the random number generator doesn’t have enough entropy to generate a unique random number. For example, if the seed value for the random number generator is not sufficiently random or the algorithm used to generate random numbers is predictable, then the resulting random numbers can be insecure.

  2. Predictable Seed Values: Seed values can be predictable in several ways, such as using a fixed value or using a value that is easily guessable. If the seed value is predictable, an attacker can easily predict the sequence of random numbers generated by the algorithm.

  3. Non-Cryptographic Randomness: Using non-cryptographic sources of randomness, such as system clock values, can be predictable or biased, which can lead to insecure random numbers.

Specific Ways:

  1. Session Tokens: Session tokens are used to authenticate and authorize a user on a web application. If the session tokens are generated using an insecure random number generator, an attacker can easily predict the token and hijack the user’s session.

  2. Password Reset Tokens: Password reset tokens are used to reset a user’s password. If the tokens are generated using an insecure random number generator, an attacker can easily guess the token and reset the user’s password.

  3. CSRF Tokens: Cross-Site Request Forgery (CSRF) tokens are used to prevent CSRF attacks by ensuring that a request is coming from a legitimate source. If the tokens are generated using an insecure random number generator, an attacker can easily predict the token and carry out a CSRF attack.

  4. Encryption Keys: Encryption keys are used to encrypt and decrypt sensitive data. If the encryption keys are generated using an insecure random number generator, an attacker can easily guess the key and access the sensitive data.

Real world examples of Insecure randomness generation

OpenSSL Heartbleed bug: In 2014, a vulnerability was discovered in OpenSSL which was caused by an insecure implementation of the random number generator. This allowed attackers to extract sensitive data from vulnerable systems, including passwords, private keys, and other information. 

Android Jelly Bean vulnerability: In 2013, a vulnerability was discovered in the Android Jelly Bean operating system which allowed attackers to bypass the lock screen and gain access to the device. The vulnerability was caused by an insecure random number generator used in the encryption process. 

Debian OpenSSL vulnerability: In 2008, a vulnerability was discovered in the Debian version of OpenSSL which was caused by a flawed random number generator. This vulnerability affected a large number of servers and other systems that relied on OpenSSL for encryption. 

Dual_EC_DRBG backdoor: In 2013, it was revealed that the Dual_EC_DRBG random number generator, which was included as a standard in some cryptographic libraries, contained a backdoor which allowed attackers to predict the output of the generator with high accuracy. 

Java SecureRandom vulnerability: In 2013, a vulnerability was discovered in the Java SecureRandom class, which was caused by an insecure implementation of the random number generator. This vulnerability allowed attackers to predict the output of the generator and compromise the security of the system. 

PHP session ID vulnerability: In 2012, a vulnerability was discovered in PHP which was caused by an insecure random number generator used to generate session IDs. This vulnerability allowed attackers to hijack user sessions and gain access to sensitive data. 

Microsoft Windows random number generator vulnerability: In 2013, a vulnerability was discovered in the random number generator used in Microsoft Windows operating systems. This vulnerability allowed attackers to predict the output of the generator and compromise the security of the system. 

iOS random number generator vulnerability: In 2013, a vulnerability was discovered in the random number generator used in iOS operating systems. This vulnerability allowed attackers to predict the output of the generator and compromise the security of the system. 

Node.js crypto vulnerability: In 2015, a vulnerability was discovered in the Node.js crypto library, which was caused by an insecure implementation of the random number generator. This vulnerability allowed attackers to predict the output of the generator and compromise the security of the system. 

Juniper Networks VPN backdoor: In 2015, it was discovered that Juniper Networks’ VPN software contained a backdoor which was caused by an insecure implementation of the random number generator. This backdoor allowed attackers to gain unauthorized access to systems protected by the VPN. 

Average CVSS score and risk assessment of Insecure randomness generation

The average Common Vulnerability Scoring System (CVSS) score for insecure randomness generation vulnerabilities is relatively high, typically ranging from 6 to 9 out of 10. This is due to the fact that vulnerabilities in random number generation can lead to the compromise of sensitive data and the ability for attackers to gain unauthorized access to systems.

In terms of risk assessment, vulnerabilities in random number generation should be considered high risk due to the potential impact on the confidentiality, integrity, and availability of data and systems. Attackers can use these vulnerabilities to perform a variety of attacks, including cryptographic attacks, session hijacking, and privilege escalation.

Organizations should prioritize the patching and mitigation of vulnerabilities related to insecure randomness generation to reduce the risk of exploitation by attackers. This can involve updating affected software, applying patches, or implementing alternative solutions such as replacing the affected random number generator with a more secure one.

Overall, insecure randomness generation vulnerabilities pose a significant risk to the security of systems and the protection of sensitive data. As such, it is important for organizations to remain vigilant and take appropriate measures to address these vulnerabilities in a timely manner.

TOP 10 CWE for Insecure randomness generation in 2022

CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG): This weakness occurs when an application uses a weak or predictable pseudo-random number generator to create keys or other cryptographic material. Attackers can exploit this weakness to discover the keys and gain unauthorized access to the system. 

CWE-330: Use of Insufficiently Random Values: This weakness occurs when an application uses insufficiently random values to generate keys, session IDs, or other sensitive data. Attackers can exploit this weakness to predict the values and gain unauthorized access to the system. 

CWE-327: Use of a Broken or Risky Cryptographic Algorithm: This weakness occurs when an application uses a cryptographic algorithm that is known to be weak or broken, such as DES or RC4. Attackers can exploit this weakness to discover the keys and gain unauthorized access to the system. 

CWE-338: Predictable Seed in PRNG: This weakness occurs when an application uses a predictable seed to initialize a pseudo-random number generator. Attackers can exploit this weakness to predict the sequence of random numbers and gain unauthorized access to the system. 

CWE-330: Insufficient Entropy in PRNG: This weakness occurs when an application uses insufficient entropy to generate random numbers. Attackers can exploit this weakness to predict the sequence of random numbers and gain unauthorized access to the system. 

CWE-338: Use of Non-Cryptographic PRNG: This weakness occurs when an application uses a non-cryptographic pseudo-random number generator to create keys or other cryptographic material. Attackers can exploit this weakness to discover the keys and gain unauthorized access to the system. 

CWE-338: Use of Deterministic PRNG: This weakness occurs when an application uses a deterministic pseudo-random number generator to create keys or other cryptographic material. Attackers can exploit this weakness to discover the keys and gain unauthorized access to the system. 

CWE-330: Weak PRNG Algorithm: This weakness occurs when an application uses a weak pseudo-random number generator algorithm, such as Linear Congruential Generator (LCG). Attackers can exploit this weakness to predict the sequence of random numbers and gain unauthorized access to the system. 

CWE-338: Use of PRNG with Insufficient Output Size: This weakness occurs when an application uses a pseudo-random number generator with an insufficient output size to create keys or other cryptographic material. Attackers can exploit this weakness to discover the keys and gain unauthorized access to the system. 

CWE-338: Use of Predictable PRNG: This weakness occurs when an application uses a predictable pseudo-random number generator to create keys or other cryptographic material. Attackers can exploit this weakness to discover the keys and gain unauthorized access to the system. 

TOP 10 CVE for Insecure randomness generation in 2022

CVE-2022-3724: A flaw was found in the random number generator used by the Linux kernel’s networking subsystem. An attacker could use this flaw to guess the sequence of random numbers and bypass security measures. 

CVE-2021-33909: A flaw was found in the random number generator used by the Linux kernel’s filesystem encryption feature. An attacker could use this flaw to guess the sequence of random numbers and bypass security measures. 

CVE-2021-3580: A flaw was found in the random number generator used by the Samba Active Directory Domain Controller (AD DC). An attacker could use this flaw to guess the sequence of random numbers and bypass security measures. 

CVE-2021-28153: A flaw was found in the random number generator used by the PAM module for the OpenSSH server. An attacker could use this flaw to guess the sequence of random numbers and bypass security measures. 

CVE-2021-23384: A flaw was found in the random number generator used by the OpenSSL library. An attacker could use this flaw to guess the sequence of random numbers and bypass security measures. 

CVE-2021-3587: A flaw was found in the random number generator used by the cURL library. An attacker could use this flaw to guess the sequence of random numbers and bypass security measures. 

CVE-2021-3611: A flaw was found in the random number generator used by the TCP/IP stack in the FreeBSD operating system. An attacker could use this flaw to guess the sequence of random numbers and bypass security measures. 

CVE-2021-33034: A flaw was found in the random number generator used by the OpenVPN Connect client for Windows. An attacker could use this flaw to guess the sequence of random numbers and bypass security measures. 

CVE-2021-3731: A flaw was found in the random number generator used by the Apache Tomcat servlet container. An attacker could use this flaw to guess the sequence of random numbers and bypass security measures. 

CVE-2022-24441: A flaw was found in the random number generator used by the Kubernetes API server. An attacker could use this flaw to guess the sequence of random numbers and bypass security measures. 

General methodology and checklist for Insecure randomness generation

Identify areas where random number generation is used: Start by identifying the areas in the codebase or system where random number generation is used. This could include cryptographic functions, session tokens, password reset links, and other security-critical functionality.

Analyze the randomness generation algorithm: Once the areas where random number generation is used have been identified, analyze the algorithm being used to generate the random numbers. Evaluate whether the algorithm is using a cryptographically secure pseudorandom number generator (CSPRNG) or a non-secure random number generator.

Evaluate the entropy source: The quality of the entropy source used to seed the CSPRNG is important in ensuring the randomness of the generated numbers. Evaluate the entropy source and assess whether it is sufficient to ensure a high degree of randomness.

Test the randomness of the generated numbers: Conduct statistical tests to evaluate the randomness of the generated numbers. If the numbers are not sufficiently random, it may be possible for an attacker to predict the next number in the sequence.

Exploit the vulnerability: If the generated numbers are not sufficiently random, attempt to exploit the vulnerability to bypass security measures, gain unauthorized access, or perform other malicious activities.

Checklist:

  1. Use a CSPRNG: Ensure that a cryptographically secure pseudorandom number generator (CSPRNG) is used to generate random numbers. Avoid using non-secure random number generators, such as the rand() function in C.

  2. Use a high-quality entropy source: Use a high-quality entropy source to seed the CSPRNG. The entropy source should be unpredictable and of sufficient length to ensure the randomness of the generated numbers.

  3. Check the length of the generated numbers: Ensure that the generated numbers are sufficiently long to prevent brute-force attacks. The length of the generated numbers should be appropriate for the intended use case.

  4. Test the randomness of the generated numbers: Conduct statistical tests to evaluate the randomness of the generated numbers. Check for patterns or biases that could be exploited by an attacker.

  5. Implement secure defaults: Use secure defaults in the implementation of random number generation. This includes using strong cryptographic algorithms and key lengths.

Tips:

  1. Use a well-established CSPRNG: Consider using well-established CSPRNGs, such as the one provided by the OpenSSL library.

  2. Use a hardware entropy source: Consider using a hardware entropy source, such as a hardware random number generator, to ensure the quality of the entropy source.

  3. Use a software entropy source with caution: If using a software entropy source, such as the system clock or user input, ensure that it is of sufficient quality to ensure randomness.

  4. Avoid using predictable values: Avoid using predictable values, such as timestamps or incremental counters, to seed the CSPRNG.

Guides:

  1. OWASP Testing Guide: The OWASP Testing Guide includes a section on testing for randomness weaknesses in web applications.

  2. NIST SP 800-90A: The NIST SP 800-90A document provides guidance on the selection of cryptographic algorithms and the generation of random numbers.

  3. OpenSSL Cookbook: The OpenSSL Cookbook provides guidance on using the OpenSSL library for random number generation.

Automated and manual tools for exploiting Insecure randomness generation

Ent: Ent is a pseudorandom number sequence test program that is designed to detect potential biases and patterns in random number sequences.

Dieharder: Dieharder is a suite of statistical tests for measuring the quality of random number generators.

NIST Statistical Test Suite: The NIST Statistical Test Suite is a set of statistical tests for measuring the quality of random number generators.

OpenSSL: OpenSSL is a cryptographic library that includes a pseudorandom number generator.

John the Ripper: John the Ripper is a password cracking tool that can be used to test the randomness of passwords and other random strings.

Hashcat: Hashcat is a password cracking tool that can be used to test the randomness of passwords and other random strings.

Metasploit Framework: Metasploit Framework is an open-source penetration testing tool that can be used to test the security of systems and applications.

Burp Suite: Burp Suite is a suite of web application security tools that includes a scanner for identifying vulnerabilities, including those related to random number generation.

ZAP: ZAP is an open-source web application security scanner that includes a scanner for identifying vulnerabilities, including those related to random number generation.

How user can be protected from Insecure randomness generation

Use a reputable service or application: Make sure the service or application you are using is reputable and has a history of taking security seriously.

Keep your software up-to-date: Make sure your operating system, web browser, and applications are all up-to-date with the latest security patches.

Use two-factor authentication: Two-factor authentication adds an extra layer of security to your account and can help protect against attacks that rely on insecure randomness generation.

Avoid using weak passwords: Use strong, unique passwords for each account and avoid using passwords that are easy to guess.

Be cautious of phishing attacks: Phishing attacks can be used to trick you into revealing your login credentials or other sensitive information. Be cautious of emails or messages that ask you to click on a link or provide personal information.

Use a password manager: A password manager can help you create and manage strong, unique passwords for each account, making it easier to avoid weak passwords.

Check for SSL/TLS encryption: If you are using a web service, make sure it uses SSL/TLS encryption to protect your data in transit.

Consider using a VPN: A VPN can add an extra layer of security by encrypting your internet traffic and hiding your IP address.

How companies and its developers can prevent Insecure randomness generation

Use a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG): A CSPRNG is an algorithm designed to generate random numbers that are statistically unpredictable and provide a high degree of randomness. Developers should use a well-known and tested CSPRNG algorithm that meets industry standards, such as the Secure Hash Algorithm (SHA), Advanced Encryption Standard (AES), or Rivest–Shamir–Adleman (RSA) algorithm.

Seed the CSPRNG Properly: The CSPRNG algorithm requires an initial value, known as a seed, to generate a sequence of random numbers. Developers should use a unique and unpredictable seed, such as system-specific data, user input, or a hardware random number generator, to ensure randomness. It is essential to avoid using predictable or static seeds, such as the current time or a fixed value, which can make the generated numbers vulnerable to attacks.

Use Sufficient Entropy: Entropy refers to the amount of randomness in a system or data source. Developers should use sufficient entropy to generate random numbers that are more secure and unpredictable. Examples of sources of entropy include hardware events such as mouse movements, keyboard strokes, or network traffic. Developers can also use a combination of multiple entropy sources to improve randomness.

Perform Adequate Testing and Validation: Developers should test and validate the CSPRNG implementation thoroughly to ensure that it generates truly random and unpredictable numbers. They should use standard testing techniques, such as the National Institute of Standards and Technology (NIST) statistical tests, to check the quality of the random numbers. They should also audit the code for weaknesses or vulnerabilities that may compromise the CSPRNG.

Use Secure Coding Practices: Developers should use secure coding practices to minimize the risk of insecure randomness generation. They should avoid using weak or deprecated random number generation functions or algorithms, such as the rand() function in C language. Instead, they should use a well-known CSPRNG library or function provided by the programming language. They should also implement input validation and error handling mechanisms to prevent unexpected or malicious inputs.

Books with review of Insecure randomness generation

“Black Hat Python: Python Programming for Hackers and Pentesters” by Justin Seitz (2014): This book provides an introduction to Python programming for pentesters, with a focus on building tools for offensive security testing. Chapter 9, “Network Hacking with Python,” covers topics such as sniffing packets and exploiting insecure random number generators.

“Web Application Security: A Beginner’s Guide” by Bryan Sullivan and Vincent Liu (2011): This book provides an overview of web application security testing, including techniques for identifying and exploiting vulnerabilities. Chapter 3, “Web Application Architecture and Security,” covers topics such as session management and random number generation.

“The Basics of Hacking and Penetration Testing” by Patrick Engebretson (2013): This book provides an introduction to ethical hacking and penetration testing, with a focus on using open source tools. Chapter 8, “Web Application Vulnerabilities,” covers topics such as session management and insecure random number generation.

“Python Penetration Testing Cookbook” by Rejah Rehim (2015): This book provides a collection of Python-based recipes for pentesters, including techniques for identifying and exploiting vulnerabilities in web applications. Chapter 8, “Client-Side Attacks,” covers topics such as exploiting insecure random number generators.

“Advanced Penetration Testing: Hacking the World’s Most Secure Networks” by Wil Allsopp (2017): This book provides an advanced overview of penetration testing techniques, including topics such as social engineering and physical security testing. Chapter 4, “Web Applications,” covers topics such as session management and insecure random number generation.

Useful resources for education

Cryptopals Crypto Challenges: This is a free online course designed to teach cryptography concepts and applied security, including insecure randomness generation. The course consists of a series of challenges that cover a variety of topics related to cryptography and security, including cryptographic attacks, side-channel attacks, and more. The challenges are designed to be completed in sequence and provide hands-on experience with real-world cryptography problems.

Link: https://cryptopals.com/

OWASP Top Ten: The OWASP Top Ten is a list of the top ten most critical web application security risks, including insecure randomness generation. The OWASP website provides detailed information on each risk, along with guidance on how to prevent and detect these vulnerabilities. This resource is useful for understanding the impact of insecure randomness generation on web application security.

Link: https://owasp.org/Top10/

HackTheBox: HackTheBox is an online platform that provides a range of cybersecurity challenges, including challenges related to cryptography and insecure randomness generation. The challenges are designed to test participants’ skills in various areas of cybersecurity, including penetration testing, web application security, and more. Participants can work on the challenges individually or in teams and earn points based on their performance.

Link: https://www.hackthebox.eu/

Randomness Testing: This is a free online tool that allows users to test the quality of random number generators. The tool provides a range of statistical tests that can be used to evaluate the randomness of a sequence of numbers. The tests include frequency tests, serial tests, and more, and can be used to identify weaknesses in random number generators.

Link: https://www.randomnesstesting.com/

NIST Special Publication 800-90A: This is a publication by the National Institute of Standards and Technology (NIST) that provides guidelines for the design and implementation of random number generators. The publication includes a set of statistical tests that can be used to evaluate the quality of random number generators, as well as guidance on the use of entropy sources and other key considerations for secure random number generation.

Link: https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final

Conclusion

Insecure randomness generation is a serious vulnerability in cybersecurity that can lead to a variety of attacks and compromises of sensitive information. When cryptographic keys, passwords, or other secret data are generated using insecure random number generators, attackers can potentially predict or guess these values and gain unauthorized access to systems or data.

One of the main challenges in preventing insecure randomness generation is that it can be difficult to detect. In many cases, the effects of insecure randomness generation are not immediately visible, and it may take some time before the vulnerability is discovered and exploited. This makes it essential for developers to take proactive measures to prevent insecure randomness generation, such as using trusted sources of entropy and carefully testing and validating random number generators.

The impact of insecure randomness generation can be significant, especially in the context of web applications and other online services that rely on secure random number generation. Attackers who are able to compromise these systems can potentially gain access to sensitive information, compromise user accounts, or carry out other malicious activities.

In summary, insecure randomness generation is a serious cybersecurity vulnerability that can have significant consequences for the security and privacy of data. It is important for developers and security professionals to be aware of this risk and take appropriate measures to prevent and mitigate it.

Other Services

Ready to secure?

Let's get in touch