CWE-323: Reusing a Nonce, Key Pair in Encryption
Nonces should be used for the present occasion and only once.
Technical Details
- Structure
- Simple
Applicable To
Security Consequences
Scope
Impact
If nonces are allowed to be reused, an attacker could potentially craft a replay attack, in which the same data is sent twice. This could allow a user to send a message that masquerades as a valid message from a valid user.
Mitigation Strategies
Phase
Description
Refuse to reuse nonce values.
Phase
Description
Use techniques such as requiring incrementing, time-based, and/or challenge-response nonces to ensure that nonces are unique.
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
Demonstrative Examples
This code takes a password, concatenates it with a nonce, then encrypts it before sending over a network:
Because the nonce used is always the same, an attacker can impersonate a trusted party by intercepting and resending the encrypted password. This attack avoids the need to learn the unencrypted password.
This code sends a command to a remote server, using an encrypted password and nonce to prove the command is from a trusted party:
Once again the nonce used is always the same. An attacker may be able to replay previous legitimate commands or execute new arbitrary commands.
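The sketch below is an added example, not code from MITRE or from this page. It contrasts a verifier that uses one fixed nonce with a challenge-response verifier that issues a fresh nonce per request and refuses to accept it twice. It assumes HMAC-SHA256 as a stand-in for the encryption step the text describes; `KEY`, `FIXED_NONCE`, `tag`, both server classes and the sample command are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets
import time

KEY = b"constructed-demo-shared-secret"  # constructed sample key (assumption)
FIXED_NONCE = b"bad_nonce"               # constructed constant modelling the reuse

def tag(key: bytes, nonce: bytes, command: bytes) -> bytes:
    """Client side: authenticate a command bound to one nonce."""
    msg = len(nonce).to_bytes(2, "big") + nonce + command  # length-prefixed nonce
    return hmac.new(key, msg, hashlib.sha256).digest()

class FixedNonceServer:
    """Weak form: the nonce never changes, so a captured message stays valid."""
    def accept(self, command: bytes, mac: bytes) -> bool:
        return hmac.compare_digest(mac, tag(KEY, FIXED_NONCE, command))

class ChallengeServer:
    """Hardened form: server-issued nonce, single use, short lifetime."""
    def __init__(self, ttl: float = 30.0):
        self.ttl = ttl
        self.pending = {}  # nonce -> expiry time (monotonic seconds)

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = time.monotonic() + self.ttl
        return nonce

    def accept(self, nonce: bytes, command: bytes, mac: bytes) -> bool:
        # pop() consumes the nonce whether or not the MAC verifies,
        # so it can never be presented a second time.
        expiry = self.pending.pop(nonce, None)
        if expiry is None or time.monotonic() > expiry:
            return False
        return hmac.compare_digest(mac, tag(KEY, nonce, command))

def demo() -> dict:
    cmd = b"unlock door 7"  # constructed sample command
    weak, strong = FixedNonceServer(), ChallengeServer()
    captured = (cmd, tag(KEY, FIXED_NONCE, cmd))
    n = strong.challenge()
    mac = tag(KEY, n, cmd)
    return {
        "weak_first": weak.accept(*captured),
        "weak_replay": weak.accept(*captured),       # same bytes accepted again
        "strong_first": strong.accept(n, cmd, mac),
        "strong_replay": strong.accept(n, cmd, mac), # nonce already consumed
    }
```

In a real deployment the `pending` table also needs periodic pruning of expired entries, since nonces that are issued but never answered are otherwise kept indefinitely.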
CWE Relationships
No relationship information available for this CWE.
Frequently Asked Questions
What is CWE-323: Reusing a Nonce, Key Pair in Encryption?
CWE-323: Reusing a Nonce, Key Pair in Encryption is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Nonces should be used for the present occasion and only once.
What are the security consequences of Reusing a Nonce, Key Pair in Encryption?
If exploited, CWE-323 (Reusing a Nonce, Key Pair in Encryption) can compromise Access Control, leading to outcomes such as Bypass Protection Mechanism and Gain Privileges or Assume Identity.
How do you prevent or mitigate Reusing a Nonce, Key Pair in Encryption?
Recommended mitigations for CWE-323 include: Refuse to reuse nonce values. Use techniques such as requiring incrementing, time-based, and/or challenge-response nonces to ensure that nonces are unique.
Which programming languages are affected by Reusing a Nonce, Key Pair in Encryption?
CWE-323 is not language-specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
What is the difference between a CWE and a CVE?
A CWE (Common Weakness Enumeration) like CWE-323 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.