Reusing a Nonce, Key Pair in Encryption| ID: 323 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: INCOMPLETE |
| Abstraction Type: Base |
Description
Nonces should be used for the present occasion and only
once.
Likelihood of Exploit: High
Applicable PlatformsLanguage Class: All
Time Of Introduction
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Access_Control | Bypass protection
mechanismGain privileges / assume
identity | Potentially a replay attack, in which an attacker could send the same
data twice, could be crafted if nonces are allowed to be reused. This
could allow a user to send a message which masquerades as a valid
message from a valid user. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Implementation | | Refuse to reuse nonce values. | | |
| Implementation | | Use techniques such as requiring incrementing, time based and/or
challenge response to assure uniqueness of nonces. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-323 ChildOf CWE-903 | Category | CWE-888 | |
Demonstrative Examples (Details)
- This code sends a command to a remote server, using an encrypted
password and nonce to prove the command is from a trusted
party:
- This code takes a password, concatenates it with a nonce, then
encrypts it before sending over a network:
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| CLASP | | Reusing a nonce, key pair in encryption | |
References:None
