
CWE-323 (Reusing a Nonce, Key Pair in Encryption) — Vulnerability Class 28

28 vulnerabilities are classified as CWE-323 (Reusing a Nonce, Key Pair in Encryption).

CWE-323 covers the cryptographic weakness in which a nonce, or a key pair, is reused across encryption operations, violating the requirement that a nonce be unique for every encryption operation performed under a given key. An attacker who collects ciphertexts produced with the same key and nonce can exploit the repeated cryptographic material: statistical analysis of the related ciphertexts, recovery of plaintext messages, or forgery of authentication tokens that the recipient accepts as valid, all of which bypass the security control the encryption was meant to provide and expose sensitive data. To prevent this weakness, generate a fresh nonce for every encryption operation from a cryptographically secure random number generator, and never reuse one under the same key. Strict key-management procedures should likewise ensure that private keys are not shared across different contexts or sessions, so that the confidentiality and integrity of the channel rest on material that is used only once.

MITRE CWE Description
Nonces should be used for the present occasion and only once.

Common Consequences (1)
Scope: Access Control. Impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity.
Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user.

Mitigations (2)
Phase: Implementation. Refuse to reuse nonce values.
Phase: Implementation. Use techniques such as requiring incrementing, time-based and/or challenge response to assure uniqueness of nonces.
Examples (2)
This code takes a password, concatenates it with a nonce, then hashes the result before sending it over a network. The nonce is a fixed string, so every transmission for the same password produces the same digest, which can be replayed:

#include <string.h>
#include <stdlib.h>
#include <openssl/sha.h>

void encryptAndSendPassword(char *password) {
    char *nonce = "bad";                                   /* hard-coded nonce: the weakness */
    ...
    unsigned char *data = (unsigned char *)malloc(SHA_DIGEST_LENGTH);   /* SHA-1 digest is 20 bytes */
    int para_size = strlen(nonce) + strlen(password);
    char *paragraph = (char *)malloc(para_size + 1);       /* +1 for the terminating NUL */
    strcpy(paragraph, nonce);
    strcat(paragraph, password);                           /* paragraph = nonce || password */
    SHA1((const unsigned char *)paragraph, para_size, data);
    sendEncryptedData(data);
}

Bad · C
This code sends a command to a remote server, using a hashed password and nonce to prove the command is from a trusted party. Because the nonce is derived from a constant string, the resulting digest is identical for every command and can be replayed:

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

String command = new String("some command to execute");
MessageDigest nonceDigest = MessageDigest.getInstance("SHA");
nonceDigest.update("bad nonce".getBytes(StandardCharsets.UTF_8));   // constant input: the weakness
byte[] nonce = nonceDigest.digest();
MessageDigest passwordDigest = MessageDigest.getInstance("SHA");
passwordDigest.update(nonce);                                        // digest over nonce || password
passwordDigest.update("secretPassword".getBytes(StandardCharsets.UTF_8));
byte[] digest = passwordDigest.digest();
sendCommand(digest, command);

Bad · Java
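An added illustration, not MITRE's or this page's code, of why the weakness matters and what the two mitigations above look like in practice. The counter-mode keystream is a stand-in built from HMAC-SHA256 so the example runs with the Python standard library only; a real system would use an AEAD such as AES-GCM or ChaCha20-Poly1305 under the same nonce rules. NonceSource, ReplayGuard and the sample messages are constructed for this example.

```python
import hashlib
import hmac
import os
import struct


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter mode: block i = PRF(key, nonce || i). The stream depends only on
    # (key, nonce), so any reuse of that pair reproduces the same bytes.
    out = b""
    for i in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    # What a passive observer learns when two messages share key AND nonce:
    # the keystreams cancel and only plaintext XOR plaintext remains.
    return xor(encrypt(key, nonce, p1), encrypt(key, nonce, p2))


class NonceSource:
    """Sender-side mitigation: a random 4-byte prefix plus an incrementing
    8-byte counter, refusing to wrap so a nonce is never issued twice."""

    def __init__(self) -> None:
        self.prefix = os.urandom(4)
        self.counter = 0

    def next(self) -> bytes:
        if self.counter == 2**64 - 1:
            raise RuntimeError("nonce space exhausted: rotate the key")
        self.counter += 1
        return self.prefix + struct.pack(">Q", self.counter)


class ReplayGuard:
    """Receiver-side mitigation: refuse any nonce already accepted under this key."""

    def __init__(self) -> None:
        self.seen: set[bytes] = set()

    def accept(self, nonce: bytes) -> bool:
        if nonce in self.seen:
            return False
        self.seen.add(nonce)
        return True
```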
CVE ID | Title | Product | CVSS | Severity | Published
--- | --- | --- | --- | --- | ---
CVE-2026-5446 | wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse | wolfSSL | 9.1 (AI) | Critical (AI) | 2026-04-09
CVE-2026-3559 | Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability | Hue Bridge | 8.8 (AI) | High (AI) | 2026-03-13
CVE-2026-3099 | Libsoup: libsoup: authentication bypass via digest authentication replay attack | Red Hat Enterprise Linux 10 | 5.8 | Medium | 2026-03-12
CVE-2026-25998 | strongMan vulnerable to private credential recovery due to key and counter reuse | strongMan | 5.3 | - | 2026-02-19
CVE-2025-47345 | Reusing a Nonce, Key Pair in Encryption in Automotive Platform | Snapdragon | 8.4 | High | 2026-01-06
CVE-2025-61739 | Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4, PowerG reusing a nonce, key pair in encryption | IQ Panels2, 2+, IQHub, IQPanel 4, PowerG | 7.5 (AI) | High (AI) | 2025-12-22
CVE-2025-64767 | hpke-js reuses AEAD nonces | hpke-js | 9.1 | Critical | 2025-11-21
CVE-2024-11022 | SICK InspectorP61x and SICK InspectorP62x are vulnerable for a replay attack | SICK InspectorP61x | 5.6 | Medium | 2024-12-06
CVE-2024-21530 | Cocoon security vulnerability | cocoon | 4.5 | Medium | 2024-10-02
CVE-2024-41951 | PheonixAppAPI has visible Encoding Maps | PheonixAppAPI | 4.4 | Medium | 2024-07-31
CVE-2023-7003 | CVE-2023-7003 | Kontrol Lux | 5.3 | - | 2024-03-15
CVE-2024-23688 | Consensys Discovery Nonce Reuse | - | 7.5 | - | 2024-01-19
CVE-2022-24401 | Keystream recovery for arbitrary frames in TETRA | TETRA Standard | 8.8 | High | 2023-10-19
CVE-2023-4680 | Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption | Vault | 6.8 | Medium | 2023-09-14
CVE-2023-37467 | Discourse CSP nonce reuse vulnerability for anonymous users | discourse | 6.8 | Medium | 2023-07-28
CVE-2023-28997 | Nextcloud Desktop: Initialization vector reuse in E2EE allows malicious server admin to break, manipulate, access files | security-advisories | 6.7 | Medium | 2023-04-04
CVE-2021-32791 | Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc | mod_auth_openidc | 5.9 | Medium | 2021-07-26
CVE-2020-1759 | Multiple Red Hat products security feature issue vulnerability | ceph | 6.4 | Medium | 2020-04-13
CVE-2019-7593 | Metasys use of shared RSA key pairs | Metasys versions prior to 9.0 | 7.5 | - | 2019-08-20
CVE-2017-13088 | WPA and WPA2 security feature issue vulnerability | Wi-Fi Protected Access (WPA and WPA2) | 5.3 | - | 2017-10-17
CVE-2017-13086 | WPA and WPA2 security feature issue vulnerability | Wi-Fi Protected Access (WPA and WPA2) | 6.8 | - | 2017-10-17
CVE-2017-13084 | WPA and WPA2 security feature issue vulnerability | Wi-Fi Protected Access (WPA and WPA2) | 6.8 | - | 2017-10-17
CVE-2017-13082 | WPA and WPA2 security feature issue vulnerability | Wi-Fi Protected Access (WPA and WPA2) | 6.8 | - | 2017-10-17
CVE-2017-13081 | WPA and WPA2 security feature issue vulnerability | Wi-Fi Protected Access (WPA and WPA2) | 5.3 | - | 2017-10-17
CVE-2017-13080 | Intel PROSet/Wireless WiFi Software security feature issue vulnerability | Wi-Fi Protected Access (WPA and WPA2) | 5.3 | - | 2017-10-17
CVE-2017-13079 | WPA and WPA2 security feature issue vulnerability | Wi-Fi Protected Access (WPA and WPA2) | 5.3 | - | 2017-10-17
CVE-2017-13078 | WPA and WPA2 security feature issue vulnerability | Wi-Fi Protected Access (WPA and WPA2) | 5.3 | - | 2017-10-17
CVE-2017-7902 | Multiple Rockwell Automation products security vulnerability | Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 | 9.8 | - | 2017-06-30

A "-" means no value was listed; "(AI)" reproduces the AI marker shown next to that value on the source page.

Vulnerabilities classified as CWE-323 (Reusing a Nonce, Key Pair in Encryption) account for 28 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.