
CWE-1204 — Vulnerability Class 2

2 vulnerabilities classified as CWE-1204. AI Chinese analysis included.

CWE-1204 covers code that uses a cryptographic primitive requiring an Initialization Vector (IV) but does not generate IVs that are sufficiently unique or unpredictable for that primitive. The most common instance is a constant, counter-based or otherwise predictable IV used with a block cipher in CBC mode (the examples on this page use an all-zero IV). A repeated IV leaks whether two messages share a common prefix, because identical plaintext blocks under the same key and IV produce identical ciphertext blocks; an IV the attacker can predict in advance additionally enables chosen-plaintext attacks, in which the attacker submits a crafted message whose ciphertext confirms or refutes a guess about an earlier, secret one. The required fix depends on the mode: CBC needs an IV that is unpredictable (in practice, fresh output from a cryptographically secure random number generator for every message), while CTR and GCM need a nonce that is never reused under the same key. None of these modes provides integrity on its own: IV hygiene protects confidentiality, and an authenticated mode or a separate MAC is needed to detect tampering.

MITRE CWE Description
The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive. By design, some cryptographic primitives (such as block ciphers) require that IVs must have certain properties for the uniqueness and/or unpredictability of an IV. Primitives may vary in how important these properties are. If these properties are not maintained, e.g. by a bug in the code, then the cryptography may be weakened or broken by attacking the IVs themselves.
Common Consequences (1)
Confidentiality: Read Application Data
If the IV is not properly initialized, data that is encrypted can be compromised and information about the data can be leaked. See [REF-1179].
Mitigations (1)
Implementation: Different cipher modes have different requirements for their IVs. When choosing and implementing a mode, it is important to understand those requirements in order to keep security guarantees intact. Generally, it is safest to generate a random IV, since it will be both unpredictable and have a very low chance of being non-unique. IVs d…
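The following is an added example (not code from MITRE or from this page) that makes the two failure modes from the summary and the mitigation above concrete with AES-CBC from Go's standard library. It first shows that a constant all-zero IV reveals when two messages share their first block, then that a fresh crypto/rand IV per message hides that, and finally the chosen-plaintext check that a predictable IV permits: the victim is modelled as reusing the last ciphertext block of the previous message as the next IV (the TLS 1.0 behaviour behind BEAST), so the attacker knows every IV before it is used. The key, the secret block, and the guesses are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const blockSize = aes.BlockSize // 16 bytes

// pkcs7Pad appends PKCS#7 padding so the input is a whole number of blocks.
func pkcs7Pad(p []byte) []byte {
	n := blockSize - len(p)%blockSize
	return append(append([]byte{}, p...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// cbcEncrypt is AES-CBC with a caller-supplied IV. Whether that IV is safe is
// entirely the caller's responsibility, which is exactly where CWE-1204 lives.
func cbcEncrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// zeroIVLeaksEqualPrefix: under a constant IV, two messages with the same first
// block yield the same first ciphertext block, so equality of prefixes is public.
func zeroIVLeaksEqualPrefix(key []byte) (bool, error) {
	iv := make([]byte, blockSize) // all-zero IV, as in the Bad examples below
	a, err := cbcEncrypt(key, iv, []byte("ATTACK AT DAWN!!")) // exactly one block
	if err != nil {
		return false, err
	}
	b, err := cbcEncrypt(key, iv, []byte("ATTACK AT DAWN!! and not before"))
	if err != nil {
		return false, err
	}
	return bytes.Equal(a[:blockSize], b[:blockSize]), nil
}

// randomIVHidesEqualPrefix: with a fresh random IV per message, prepended in the
// clear as the receiver needs it, the same two messages no longer share a block.
func randomIVHidesEqualPrefix(key []byte) (bool, error) {
	enc := func(p []byte) ([]byte, error) {
		iv := make([]byte, blockSize)
		if _, err := rand.Read(iv); err != nil { // CSPRNG, never a constant
			return nil, err
		}
		ct, err := cbcEncrypt(key, iv, p)
		if err != nil {
			return nil, err
		}
		return append(iv, ct...), nil
	}
	a, err := enc([]byte("ATTACK AT DAWN!!"))
	if err != nil {
		return false, err
	}
	b, err := enc([]byte("ATTACK AT DAWN!! and not before"))
	if err != nil {
		return false, err
	}
	return !bytes.Equal(a[blockSize:2*blockSize], b[blockSize:2*blockSize]), nil
}

// chainedVictim models the weak pattern: each message's IV is the last
// ciphertext block of the previous message (all-zero for the first one).
// Ciphertext is public, so the attacker knows every IV before it is used.
type chainedVictim struct {
	key    []byte
	nextIV []byte
}

func newChainedVictim(key []byte) *chainedVictim {
	return &chainedVictim{key: key, nextIV: make([]byte, blockSize)}
}

func (v *chainedVictim) encrypt(p []byte) ([]byte, error) {
	ct, err := cbcEncrypt(v.key, v.nextIV, p)
	if err != nil {
		return nil, err
	}
	v.nextIV = ct[len(ct)-blockSize:]
	return ct, nil
}

// guessWithPredictableIV is the chosen-plaintext check. Having seen (iv1, c1) for
// the secret block and knowing iv2 (the victim's next IV), the attacker submits
// p' = guess XOR iv1 XOR iv2, so the victim computes E(p' XOR iv2) = E(guess XOR iv1),
// which equals c1's first block exactly when guess == secret.
func guessWithPredictableIV(v *chainedVictim, iv1, c1, guess []byte) (bool, error) {
	iv2 := v.nextIV
	p := make([]byte, blockSize)
	for i := range p {
		p[i] = guess[i] ^ iv1[i] ^ iv2[i]
	}
	cprime, err := v.encrypt(p)
	if err != nil {
		return false, err
	}
	return bytes.Equal(cprime[:blockSize], c1[:blockSize]), nil
}

// runOracleDemo returns (correct guess confirmed, wrong guess confirmed, error).
func runOracleDemo(key []byte) (bool, bool, error) {
	v := newChainedVictim(key)
	iv1 := append([]byte{}, v.nextIV...)  // attacker observes the IV in the clear
	secret := []byte("pin=4242;user=ab") // constructed 16-byte secret block
	c1, err := v.encrypt(secret)
	if err != nil {
		return false, false, err
	}
	hit, err := guessWithPredictableIV(v, iv1, c1, secret)
	if err != nil {
		return false, false, err
	}
	miss, err := guessWithPredictableIV(v, iv1, c1, []byte("pin=0000;user=ab"))
	return hit, miss, err
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not a real secret
	leak, _ := zeroIVLeaksEqualPrefix(key)
	hidden, _ := randomIVHidesEqualPrefix(key)
	hit, miss, _ := runOracleDemo(key)
	fmt.Printf("zero IV leaks equal prefix: %v\n", leak)
	fmt.Printf("random IV hides equal prefix: %v\n", hidden)
	fmt.Printf("predictable IV confirms correct guess: %v, wrong guess: %v\n", hit, miss)
}
```

The oracle check works one block at a time and confirms or refutes a whole 16-byte guess; real attacks such as BEAST combine it with control over block alignment so that only one unknown byte at a time has to be guessed. The fix in randomIVHidesEqualPrefix is the one the mitigation above recommends: a fresh CSPRNG IV per message, transmitted alongside the ciphertext, combined in practice with an authenticated mode or a MAC since CBC alone detects no tampering.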
Examples (2)
In the following examples, CBC mode is used when encrypting data:
#include <string.h>
#include <openssl/evp.h>
#include <openssl/rand.h>

/* OpenSSL 1.0.x style: the context is still a stack object here. */
EVP_CIPHER_CTX ctx;
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH];

RAND_bytes(key, sizeof key);                  /* the key is random ...           */
memset(iv, 0, EVP_MAX_IV_LENGTH);             /* ... but the IV is a constant all-zero block (CWE-1204) */
EVP_EncryptInit(&ctx, EVP_bf_cbc(), key, iv); /* Blowfish-CBC with a fixed IV    */
Bad · C
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class SymmetricCipherTest {
    public static byte[] encrypt() throws Exception {
        byte[] text = "Secret".getBytes();
        // Hard-coded all-zero IV: identical for every run and every message (CWE-1204)
        byte[] iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
        KeyGenerator kg = KeyGenerator.getInstance("DES");
        kg.init(56);
        SecretKey key = kg.generateKey();
        Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
        IvParameterSpec ips = new IvParameterSpec(iv);
        cipher.init(Cipher.ENCRYPT_MODE, key, ips);
        return cipher.doFinal(text);
    }
}
Bad · Java
The Wired Equivalent Privacy (WEP) protocol used in the 802.11 wireless standard only supported 40-bit keys, and the IVs were only 24 bits, increasing the chances that the same IV would be reused for multiple messages. The IV was included in plaintext as part of the packet, making it directly observable to attackers. Only 5000 messages are needed before a collisi…

Vulnerabilities classified as CWE-1204 represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.