...
```
1st run: 3921124303, 1253168518, 1183339582, 197772533, 83186419, 2599073270, 3238222340, 101548389, 296330365, 3335314032,
2nd run: 2392369099, 2509898672, 2135685437, 3733236524, 883966369, 2529945396, 764222328, 138530885, 4209173263, 1693483251,
3rd run: 914243768, 2191798381, 2961426773, 3791073717, 2222867426, 1092675429, 2202201605, 850375565, 3622398137, 422940882,
...
```
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC51-CPP | Medium | Likely | Low | P18 | L1 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | default-construction | Partially checked |
Axivion Bauhaus Suite | | CertC++-MSC51 | |
CodeSonar | | HARDCODED.SEED | Hardcoded Seed in PRNG |
Helix QAC | | C++5041 | |
Klocwork | | AUTOSAR.STDLIB.RANDOM.NBR_GEN_DEFAULT_INIT | |
Polyspace Bug Finder | | CERT C++: MSC51-CPP | Checks for: Rule partially covered. |
Parasoft C/C++test | | CERT_CPP-MSC51-a | Properly seed pseudorandom number generators |
PVS-Studio | | V1057 | |
RuleChecker | | default-construction | Partially checked |
Related Vulnerabilities
Using a predictable seed value, such as the current time, results in numerous vulnerabilities, such as the one described by CVE-2008-1637.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
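The following added example (not part of the CERT rule text) contrasts the two predictable seeding patterns this rule covers, a default-constructed engine and a clock-derived seed, with seeding from `std::random_device`. The function names, the constructed timestamp and the use of an eight-word `std::seed_seq` are assumptions of this example.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <random>
#include <vector>

using Sequence = std::vector<std::uint32_t>;

// First n outputs of an engine (taken by value; the caller's engine is untouched).
Sequence first_outputs(std::mt19937 engine, std::size_t n) {
  Sequence out(n);
  for (auto& v : out) v = static_cast<std::uint32_t>(engine());
  return out;
}

// Noncompliant: a default-constructed engine starts from the fixed
// std::mt19937::default_seed, so every run produces the same sequence.
Sequence unseeded(std::size_t n) { return first_outputs(std::mt19937(), n); }

// Noncompliant: a clock value as seed. Every process that starts in the same
// second gets the same sequence, and the seed is known to anyone who knows
// the start time. The timestamp is a parameter so the effect is repeatable.
Sequence time_seeded(std::uint32_t clock_seconds, std::size_t n) {
  return first_outputs(
      std::mt19937(static_cast<std::mt19937::result_type>(clock_seconds)), n);
}

// Compliant: seed from std::random_device. Using eight words through
// std::seed_seq instead of a single dev() call is this example's choice.
// Caveat: the standard allows random_device to be deterministic on platforms
// without an entropy source, so confirm the behaviour of the target toolchain.
Sequence device_seeded(std::size_t n) {
  std::random_device dev;
  std::array<std::uint32_t, 8> words;
  for (auto& w : words) w = dev();
  std::seed_seq seq(words.begin(), words.end());
  return first_outputs(std::mt19937(seq), n);
}

int main() {
  const std::uint32_t start = 1700000000u;  // constructed timestamp
  std::cout << std::boolalpha
            << "unseeded runs identical:      " << (unseeded(10) == unseeded(10)) << '\n'
            << "same-second runs identical:   "
            << (time_seeded(start, 10) == time_seeded(start, 10)) << '\n'
            << "random_device runs identical: "
            << (device_seeded(10) == device_seeded(10)) << '\n';
}
```

The first two comparisons report identical sequences on every run; only the `std::random_device` variant differs between runs.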
Related Guidelines
SEI CERT C Coding Standard | MSC32-C. Properly seed pseudorandom number generators |
MITRE CWE | CWE-327, Use of a Broken or Risky Cryptographic Algorithm; CWE-330, Use of Insufficiently Random Values; CWE-337, Predictable Seed in PRNG |
Bibliography
[ISO/IEC 9899:2011] | Subclause 7.22.2, "Pseudo-random Sequence Generation Functions" |
[ISO/IEC 14882-2014] | Subclause 26.5, "Random Number Generation" |
...
...