CWE-323: Reusing a Nonce, Key Pair in Encryption
GPTKB entity
Statements (18)
Predicate | Object |
---|---|
gptkbp:instanceOf | gptkb:Common_Weakness_Enumeration |
gptkbp:affectedResource | Cryptographic protocols |
gptkbp:category | Cryptographic Issues |
gptkbp:consequence | May allow attackers to recover plaintext or cryptographic keys. |
gptkbp:describes | The software reuses a nonce value, key pair, or initialization vector in a way that is insecure for the cryptographic algorithm being used. |
gptkbp:example | Reusing the same ephemeral key pair in ECDH. Reusing the same nonce in GCM mode. Reusing the same IV in AES-CBC mode for multiple messages. |
https://www.w3.org/2000/01/rdf-schema#label | CWE-323: Reusing a Nonce, Key Pair in Encryption |
gptkbp:likelihoodOfExploit | High |
gptkbp:mitigatedBy | Ensure that nonces, IVs, and key pairs are unique for each operation as required by the cryptographic algorithm. |
gptkbp:relatedTo | CWE-320: Key Management Errors; CWE-330: Use of Insufficiently Random Values |
gptkbp:status | Draft |
gptkbp:vulnerableTo | gptkb:CWE-323 |
gptkbp:weakness | gptkb:Base |
gptkbp:bfsParent | gptkb:CVE-2017-13078 |
gptkbp:bfsLayer | 7 |