CWE-323: Reusing a Nonce, Key Pair in Encryption

GPTKB entity

Statements (18)
Predicate Object
gptkbp:instanceOf gptkb:Common_Weakness_Enumeration
gptkbp:affectedResource Cryptographic protocols
gptkbp:category Cryptographic Issues
gptkbp:consequence May allow attackers to recover plaintext or cryptographic keys.
gptkbp:describes The software reuses a nonce value, key pair, or initialization vector in a way that is insecure for the cryptographic algorithm being used.
gptkbp:example Reusing the same ephemeral key pair in ECDH.
gptkbp:example Reusing the same nonce in GCM mode.
gptkbp:example Reusing the same IV in AES-CBC mode for multiple messages.
https://www.w3.org/2000/01/rdf-schema#label CWE-323: Reusing a Nonce, Key Pair in Encryption
gptkbp:likelihoodOfExploit High
gptkbp:mitigatedBy Ensure that nonces, IVs, and key pairs are unique for each operation as required by the cryptographic algorithm.
gptkbp:relatedTo CWE-320: Key Management Errors
gptkbp:relatedTo CWE-330: Use of Insufficiently Random Values
gptkbp:status Draft
gptkbp:vulnerableTo gptkb:CWE-323
gptkbp:weakness gptkb:Base
gptkbp:bfsParent gptkb:CVE-2017-13078
gptkbp:bfsLayer 7