Weakness reference
CWE-337

Predictable Seed in Pseudo-Random Number Generator (PRNG)

01 Summary

This weakness occurs when a PRNG is initialized with a seed value that an attacker can predict or reproduce — such as the current time, process ID, or other easily observable system state. Because PRNGs are deterministic, knowing the seed allows an attacker to predict every "random" number the generator will produce, defeating the security purpose of randomness in cryptographic tokens, session IDs, password resets, and other security-critical operations.

02 How It Happens

Pseudo-random number generators are deterministic algorithms: given the same seed, they always produce the same sequence of outputs. This is useful for testing and simulation, but dangerous for security. When a developer seeds a PRNG with a value that an attacker can guess or observe — such as time(), the process ID, or a combination of easily known values — the attacker can reproduce the entire sequence of "random" numbers offline. This is especially critical in cryptographic contexts where randomness is the only barrier between an attacker and a valid token or key.

The vulnerability is often introduced by developers who assume that a PRNG is inherently unpredictable, or who use convenience functions designed for non-security purposes (like random.seed(time.time()) in Python or mt_rand() in PHP) without understanding their limitations.

03 Real-World Impact

An attacker who can predict the PRNG output can forge session tokens, password-reset links, CSRF tokens, or cryptographic nonces. This can lead to account takeover, unauthorized actions on behalf of legitimate users, or bypass of security controls that rely on unpredictable values. The severity depends on what the predicted values protect — a predictable session token is a direct path to account compromise.

04 Vulnerable & Fixed Patterns

Vulnerable pattern
```python
import random
import time

def generate_session_token():
    # Seeds the general-purpose Mersenne Twister with the wall clock; anyone who
    # can estimate when the token was issued can re-run this and get the same value.
    random.seed(time.time())
    # A seven-digit number: only nine million possible tokens even before the seed is considered.
    token = random.randint(1000000, 9999999)
    return str(token)
```

Why it's vulnerable:
The seed is set to the current Unix timestamp, which an attacker can easily guess or observe. An attacker who knows approximately when the token was generated can reproduce the same sequence of random numbers.

Fixed pattern
```python
import secrets

def generate_session_token():
    # 16 bytes from the OS CSPRNG, rendered as 32 hex characters; there is no seed to guess.
    token = secrets.token_hex(16)
    return token
```

Vulnerable pattern
```php
<?php
function generate_reset_token() {
    // Seeds Mersenne Twister with the whole-second Unix time, a value anyone
    // can estimate, so the token can be regenerated offline.
    mt_srand(time());
    // A six-digit token has only one million possible values; a cryptographic
    // source fixes the predictability, not the small space.
    $token = mt_rand(100000, 999999);
    return (string)$token;
}
?>
```

Why it's vulnerable:
The seed is set to the current Unix timestamp. An attacker can predict or brute-force the timestamp and reproduce the same token.

Fixed pattern
```php
<?php
function generate_reset_token() {
    // 16 bytes from the platform CSPRNG, hex-encoded to 32 characters; no seed involved.
    $token = bin2hex(random_bytes(16));
    return $token;
}
?>
```

05 Prevention Checklist

Use cryptographically secure random functions: secrets module in Python, random_bytes() in PHP, or equivalent in your language — never seed a PRNG manually for security purposes.
Never use timestamps, process IDs, or other observable system state as seeds for security-critical randomness.
Audit all token, nonce, and session ID generation code to ensure it uses a cryptographic RNG, not a general-purpose PRNG.
If you must use a PRNG library, verify its documentation explicitly states it is suitable for cryptographic use.
Test your random value generation by checking that the same code run at different times produces different outputs, and that outputs cannot be reproduced by an attacker who knows the approximate time of generation.
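The reproduction described under "How It Happens" and the checklist's last item, as an added example that is not code from the CWE page: the vulnerable generator is rewritten to take its timestamp as a parameter so a test can replay it (a whole second, as the PHP example's `time()` returns), and a checker re-runs the generator for every second within a window around an estimated issue time. `seeded_token`, `csprng_token`, `seed_that_reproduces`, `audit`, `ISSUED_AT` and `ESTIMATE` are all constructed for this illustration.

```python
import random
import secrets
from typing import Callable, Optional

# Constructed stand-in for the page's vulnerable pattern.  The timestamp is
# passed in instead of read from time() so the check below can replay it,
# and it is a whole second, as the PHP example's time() returns.
def seeded_token(unix_seconds: int) -> str:
    rng = random.Random(unix_seconds)        # the same generator random.seed() drives
    return str(rng.randint(1000000, 9999999))

# The fixed pattern: the OS CSPRNG, never seeded by the caller.  The unused
# parameter only gives both generators one signature for the check.
def csprng_token(_unix_seconds: int) -> str:
    return secrets.token_hex(16)

def seed_that_reproduces(generate: Callable[[int], str], observed: str,
                         estimated_seconds: int, window_s: int = 300) -> Optional[int]:
    """The checklist test: can a token be regenerated by someone who knows only
    roughly when it was issued?  Re-runs `generate` for every whole-second
    timestamp within `window_s` of the estimate and returns the first seed whose
    output equals `observed`, or None when no seed in the window does.  Any
    generator for which this returns a seed is unfit for security-critical use."""
    for candidate in range(estimated_seconds - window_s, estimated_seconds + window_s + 1):
        if generate(candidate) == observed:
            return candidate
    return None

# Constructed scenario: a token issued at a known instant, examined with a
# clock estimate that is 37 seconds off (well inside the 300-second window).
ISSUED_AT = 1_700_000_000
ESTIMATE = ISSUED_AT + 37

def audit() -> dict:
    """Run the check against both generators and report the outcome."""
    weak = seeded_token(ISSUED_AT)
    strong = csprng_token(ISSUED_AT)
    return {
        "weak_reproduced_from_seed": seed_that_reproduces(seeded_token, weak, ESTIMATE),
        "strong_reproduced_from_seed": seed_that_reproduces(csprng_token, strong, ESTIMATE),
    }

if __name__ == "__main__":
    result = audit()
    print(result)   # the seeded generator yields a seed; the CSPRNG one yields None
```

In a real audit the window would come from request timestamps in the application logs rather than a constant, and the generator under test would be the production function with its clock call stubbed. The same harness also shows the second symptom the page mentions: two calls to `seeded_token` with the same second return the identical token, which is why two users requesting a reset in the same second can receive the same link.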

06 Signs You May Already Be Affected

Look for use of random.seed(), mt_srand(), srand(), or similar manual seeding in security-sensitive code paths. Check logs for repeated or predictable token values, or for multiple password-reset or session tokens that follow a mathematical pattern. If an attacker has reported being able to forge tokens or predict session IDs, this weakness may be the root cause.
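An added example of the audit this section calls for; it is not part of the CWE page. It uses Python's standard `ast` module to flag manual seeding calls anywhere in a module and general-purpose `random` draws inside functions whose names suggest a token, session or nonce, plus a small log scan for token values issued more than once. The sample module, the log lines, the name-hint list and the function names (`find_weak_prng_use`, `repeated_tokens`) are all constructed; it covers Python source only, and the equivalent check for PHP or C is a search for `mt_srand()` / `srand()` in the same kinds of functions.

```python
import ast
import re
from typing import List, Tuple

# Calls that hand a caller-chosen seed to the general-purpose PRNG, and draws
# from that PRNG; neither belongs in a token, nonce or session-ID code path.
SEEDING_CALLS = {"random.seed", "random.Random"}
WEAK_DRAW_CALLS = {"random.random", "random.randint", "random.randrange",
                   "random.choice", "random.choices", "random.shuffle",
                   "random.getrandbits"}
# Name fragments (constructed list) that mark a function as security-sensitive.
SENSITIVE_HINTS = ("token", "session", "nonce", "reset", "otp", "secret", "key")

def _dotted_name(node: ast.AST) -> str:
    """Render a call target such as random.seed as a dotted string ('' if unusual)."""
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    if isinstance(node, ast.Name):
        return node.id
    return ""

def find_weak_prng_use(source: str, filename: str = "<input>") -> List[Tuple[str, int, str, str]]:
    """Return (function, line, call, reason) for every manual seeding call in
    the module and for every general-purpose PRNG draw inside a function whose
    name suggests a security-sensitive purpose."""
    tree = ast.parse(source, filename)
    enclosing = {}                                  # Call node -> innermost enclosing function
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            for child in ast.walk(node):
                if isinstance(child, ast.Call):
                    enclosing[child] = node.name    # nested defs are walked later and win
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        call = _dotted_name(node.func)
        func = enclosing.get(node, "<module>")
        sensitive = any(hint in func.lower() for hint in SENSITIVE_HINTS)
        if call in SEEDING_CALLS:
            findings.append((func, node.lineno, call, "manual PRNG seeding"))
        elif call in WEAK_DRAW_CALLS and sensitive:
            findings.append((func, node.lineno, call, "general-purpose PRNG in security-sensitive function"))
    return sorted(findings, key=lambda f: f[1])

TOKEN_RE = re.compile(r"\btoken=([A-Za-z0-9]+)")

def repeated_tokens(log_lines: List[str]) -> List[str]:
    """Token values issued more than once: the symptom of a generator that two
    requests re-seeded with the same clock second."""
    counts = {}
    for line in log_lines:
        for tok in TOKEN_RE.findall(line):
            counts[tok] = counts.get(tok, 0) + 1
    return sorted(tok for tok, n in counts.items() if n > 1)

# Constructed module to scan: one module-level seeding call, one sensitive
# function drawing from random, one fixed function, one harmless shuffle.
SAMPLE_SOURCE = """\
import random, secrets, time

random.seed(time.time())

def generate_session_token():
    return str(random.randint(1000000, 9999999))

def generate_reset_token():
    return secrets.token_hex(16)

def shuffle_quiz(questions):
    random.shuffle(questions)
    return questions
"""

# Constructed log lines: two users handed the same reset token in one second.
SAMPLE_LOG = [
    "2024-03-01T10:00:00Z reset token=4813927 user=alice",
    "2024-03-01T10:00:00Z reset token=4813927 user=bob",
    "2024-03-01T10:00:07Z reset token=2210456 user=carol",
]

if __name__ == "__main__":
    for func, line, call, reason in find_weak_prng_use(SAMPLE_SOURCE):
        print(f"line {line} in {func}: {call} ({reason})")
    print("repeated tokens:", repeated_tokens(SAMPLE_LOG))
```

The name-hint heuristic is deliberately loose: a draw from `random` inside `shuffle_quiz` is not reported, while any `random.seed()` call is reported wherever it appears, because a module-level seed at import time affects every later draw in the process.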

07 Related Recent Vulnerabilities