
CWE-329 (Not Using a Random IV with CBC Mode) — Vulnerability Class 6

6 vulnerabilities classified as CWE-329 (Not Using a Random IV with CBC Mode). AI Chinese analysis included.

CWE-329 is a cryptographic weakness in which software uses a predictable initialization vector (IV) for Cipher Block Chaining (CBC) mode encryption. This undermines the security benefit of CBC, which depends on a unique, unpredictable IV so that identical plaintexts produce distinct ciphertexts. An attacker can exploit the deterministic IV to mount dictionary or brute-force attacks, particularly when the same key is reused across many messages or sessions: by comparing ciphertexts, the attacker can detect repeated plaintexts or confirm guesses about specific data segments. The fix is to generate the IV with a cryptographically secure random number generator for every encryption operation, which guarantees uniqueness and unpredictability even when the same key is used repeatedly.

MITRE CWE Description
The product generates and uses a predictable initialization vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key. CBC mode eliminates a weakness of Electronic Code Book (ECB) mode by allowing identical plaintext blocks to be encrypted to different ciphertext blocks. This is possible by the XOR-ing of an IV with the initial plaintext block so that every plaintext block in the chain is XOR'd with a different value before encryption. If IVs are reused, then identical plaintexts would be encrypted to identical ciphertexts. However, even if IVs are not identical but are predictable, then they still break the security of CBC mode against Chosen Plaintext Attacks (CPA).
Common Consequences (1)
Scope: Confidentiality. Impact: Read Application Data.
If the IV is not properly initialized, encrypted data can be compromised and leak information.
Mitigations (1)
Phase: Implementation. NIST recommends two methods of generating unpredictable IVs for CBC mode [REF-1172]. The first is to generate the IV randomly. The second is to encrypt a nonce with the same key and cipher used to encrypt the plaintext. In this case the nonce must be unique but may be predictable, since the block cipher acts as a pseudorandom permutation.
Examples (1)
In the following examples, CBC mode is used with a constant all-zero IV when encrypting data:

    EVP_CIPHER_CTX ctx;
    unsigned char key[EVP_MAX_KEY_LENGTH];
    unsigned char iv[EVP_MAX_IV_LENGTH];
    RAND_bytes(key, sizeof(key));       /* the key is random ... */
    memset(iv, 0, EVP_MAX_IV_LENGTH);   /* ... but the IV is a fixed all-zero block (CWE-329) */
    EVP_EncryptInit(&ctx, EVP_bf_cbc(), key, iv);

Bad · C

    import javax.crypto.Cipher;
    import javax.crypto.KeyGenerator;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.IvParameterSpec;

    public class SymmetricCipherTest {
        public static void main(String[] args) throws Exception {
            byte[] text = "Secret".getBytes();
            // Hard-coded all-zero IV: every message under this key is encrypted deterministically (CWE-329)
            byte[] iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
            KeyGenerator kg = KeyGenerator.getInstance("DES");
            kg.init(56);
            SecretKey key = kg.generateKey();
            Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
            IvParameterSpec ips = new IvParameterSpec(iv);
            cipher.init(Cipher.ENCRYPT_MODE, key, ips);
            byte[] encrypted = cipher.doFinal(text);
        }
    }

Bad · Java
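The following Go program is an added example, not part of the CWE entry or this page. It places the fixed-IV pattern from the examples above next to the two NIST constructions from the mitigation: a CSPRNG-generated IV, and an IV obtained by encrypting a unique per-key counter under the message key. The key, plaintext and counter values are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
)

// cbcEncrypt PKCS#7-pads pt and encrypts it with AES-CBC under key and the supplied IV.
func cbcEncrypt(key, iv, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // constructed example: callers always pass a 16/24/32-byte key
	}
	n := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return ct
}

// EncryptFixedIV reproduces the weak pattern from the page's examples: a constant
// all-zero IV makes CBC deterministic, so equal plaintexts produce equal ciphertexts.
func EncryptFixedIV(key, pt []byte) []byte {
	return cbcEncrypt(key, make([]byte, aes.BlockSize), pt)
}

// EncryptRandomIV is NIST method 1: a fresh CSPRNG IV per message, prepended to the ciphertext.
func EncryptRandomIV(key, pt []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return append(iv, cbcEncrypt(key, iv, pt)...)
}

// EncryptNonceIV is NIST method 2: IV = AES_K(counter); the counter need only be unique per key.
func EncryptNonceIV(key []byte, counter uint64, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(nonce[8:], counter)
	iv := make([]byte, aes.BlockSize)
	block.Encrypt(iv, nonce)
	return append(iv, cbcEncrypt(key, iv, pt)...)
}
```

Encrypting the same plaintext twice with EncryptFixedIV yields byte-identical output, which is exactly the equality leak CWE-329 describes; the other two functions never do.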

Vulnerabilities classified as CWE-329 (Not Using a Random IV with CBC Mode) represent 6 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.