CWE-331 · Insufficient Entropy

132 CVEs classified under CWE-331 (Insufficient Entropy). Browse by severity and year.

Top CVEs for CWE-331
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2020-36925 | Critical | 9.8 | 2026-01-06 | Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authenticat… |
| CVE-2025-66565 | Critical | 9.8 | 2025-12-09 | Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (c… |
| CVE-2025-47781 | Critical | 9.8 | 2025-05-14 | Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a… |
| CVE-2024-47945 | Critical | 9.8 | 2024-10-15 | The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with onl… |
| CVE-2024-25730 | Critical | 9.8 | 2024-02-23 | Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insuff… |
| CVE-2023-49599 | Critical | 9.8 | 2024-01-10 | An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HT… |
| CVE-2023-4344 | Critical | 9.8 | 2023-08-15 | Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection |
| CVE-2022-34294 | Critical | 9.8 | 2022-08-15 | totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to preve… |
| CVE-2021-41615 | Critical | 9.8 | 2022-08-08 | websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which d… |
| CVE-2021-36294 | Critical | 9.8 | 2022-01-25 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulne… |
| CVE-2021-22727 | Critical | 9.8 | 2021-07-21 | A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV… |
| CVE-2021-33027 | Critical | 9.8 | 2021-07-19 | Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. |
| CVE-2020-10285 | Critical | 9.8 | 2020-07-15 | The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. There is no mechanism in place to… |
| CVE-2020-12735 | Critical | 9.8 | 2020-05-08 | reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. |
| CVE-2013-2260 | Critical | 9.8 | 2019-11-04 | Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness |
| CVE-2018-1000620 | Critical | 9.8 | 2018-07-09 | Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is m… |
| CVE-2008-2108 | Critical | 9.8 | 2008-05-07 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zer… |
| CVE-2024-36400 | Critical | 9.4 | 2024-06-04 | nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the `nano_i… |
| CVE-2025-67504 | Critical | 9.1 | 2025-12-09 | WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not c… |
| CVE-2024-58040 | Critical | 9.1 | 2025-09-30 | Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption. |