Insecure Randomness

ID

python.insecure_randomness

Severity

high

Resource

Predictability

Language

Python

Tags

CWE:330, CWE:332, CWE:336, CWE:337, CWE:338, NIST.SP.800-53, OWASP:2021:A2, PCI-DSS:6.5.3

Description

Use of cryptographically weak pseudo-random number generator (PRNG).

Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context.

Computers are unable to produce true randomness. Pseudo-Random Number Generators (PRNGs) approximate randomness algorithmically, starting with a seed from which subsequent values are calculated.

There are two types of PRNGs: statistical and cryptographic. Statistical PRNGs provide useful statistical properties, but their output is predictable and forms an easy to reproduce numeric stream, unsuitable for use in cases where security depends on generated values being unpredictable.

Cryptographic PRNGs address this problem by generating output that is more difficult to predict. For a value to be cryptographically secure, it must be highly improbable for an attacker to distinguish between it and a truly random value. In general, if a PRNG algorithm is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts, where its use can lead to serious vulnerabilities such as easy-to-guess temporary passwords, predictable cryptographic keys, session hijacking, and DNS spoofing.

Rationale

Randomness is often utilized in software applications for generating keys, tokens, session identifiers, and more. However, not all random number generators are suitable for security-sensitive tasks.

Example of insecure randomness:

import random

def generate_token():
    # Predictable: not suitable for security tokens
    token = str(random.randint(100000, 999999))
    return token

If this kind of token is used for password recovery, login validation, or MFA, an attacker could potentially guess the token, especially if they know the time it was generated or have access to previous tokens. That leads to account takeover or unauthorized access.

Remediation

Always use cryptographically secure randomness for security-sensitive operations. In Python, the secrets and os.urandom modules are designed for this purpose.

Here are the recommended secure alternative:

import secrets

def generate_token():
    # Secure: cryptographically strong token
    secure_token = str(secrets.randbelow(1000000)).zfill(6)
    return secure_token

To remediate issues related to insecure randomness in Python:

  1. Avoid seeding PRNGs, as predictable seeds (e.g., time-based) reduce randomness and make outputs guessable.

  2. Do not mix cryptographic and non-cryptographic random generators. this can weaken the overall entropy and introduce predictability.

  3. Review third-party libraries for insecure use of randomness. especially in authentication, session, or token generation features.

By replacing insecure random functions with secure ones, the application significantly reduces the risk of token prediction and related security issues.

Configuration

The rule has the following configurable parameters:

  • checkSecurityContext, that indicates if the detector should raise issues that are not located under a security context. When this is set to false, the issues not located under a security context will still be reported but with INFO severity.

  • securityContextPattern, the pattern used to match the code units (like functions) that are related to a security context.

References

  • CWE-338 : Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).

  • CWE-330 : Use of Insufficiently Random Values

  • CWE-332 : Insufficient Entropy in PRNG

  • CWE-336 : Same Seed in Pseudo-Random Number Generator (PRNG)

  • CWE-337 : Predictable Seed in Pseudo-Random Number Generator (PRNG)

  • OWASP - Top 10 2021 - A2 : Cryptographic Failures