CWE-323: Reusing a Nonce, Key Pair in Encryption
GPTKB entity
Statements (18)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:affectedResource |
Cryptographic protocols
|
| gptkbp:category |
Cryptographic Issues
|
| gptkbp:consequence |
May allow attackers to recover plaintext or cryptographic keys.
|
| gptkbp:describes |
The software reuses a nonce value, key pair, or initialization vector in a way that is insecure for the cryptographic algorithm being used.
|
| gptkbp:example |
Reusing the same ephemeral key pair in ECDH.
Reusing the same nonce in GCM mode. Reusing the same IV in AES-CBC mode for multiple messages. |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-323: Reusing a Nonce, Key Pair in Encryption
|
| gptkbp:likelihoodOfExploit |
High
|
| gptkbp:mitigatedBy |
Ensure that nonces, IVs, and key pairs are unique for each operation as required by the cryptographic algorithm.
|
| gptkbp:relatedTo |
CWE-320: Key Management Errors
CWE-330: Use of Insufficiently Random Values |
| gptkbp:status |
Draft
|
| gptkbp:vulnerableTo |
gptkb:CWE-323
|
| gptkbp:weakness |
gptkb:Base
|
| gptkbp:bfsParent |
gptkb:CVE-2017-13078
|
| gptkbp:bfsLayer |
7
|