CR-WEAK-RNGCredential Access

Predictable Random Number Generation

Reset tokens / session IDs use Math.random / Mersenne Twister / time(NULL) — observe a few values, predict the rest.

§ Where this technique fits

CR-WEAK-RNG is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 2 on average.

§ Dossiers chaining this technique

Predictable RNG → forge password-reset tokens
App generates reset tokens via Math.random / Mersenne Twister seeded with time(). Capture a few legit tokens, recover the internal state, predict the next token for any user.
step 2 / 6

§ What commonly comes next

01
Valid Accounts
T1078 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Predictable RNG → forge password-reset tokens

§ What commonly comes next