{"@ID": "323", "@Name": "Reusing a Nonce, Key Pair in Encryption", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Incomplete", "Description": "Nonces should be used for the present occasion and only once.", "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "344", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Resultant"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}}, "Background_Details": {"Background_Detail": "Nonces are often bundled with a key in a communication exchange to produce a new session key for each exchange."}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Architecture and Design", "Note": "REALIZATION: This weakness is caused during implementation of an architectural security tactic."}}, "Likelihood_Of_Exploit": "High", "Common_Consequences": {"Consequence": {"Scope": "Access Control", "Impact": ["Bypass Protection Mechanism", "Gain Privileges or Assume Identity"], "Note": "Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user."}}, "Detection_Methods": {"Detection_Method": {"@Detection_Method_ID": "DM-14", "Method": "Automated Static Analysis", "Description": "Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect \"sources\" (origins of input) with \"sinks\" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)"}}, "Potential_Mitigations": {"Mitigation": [{"Phase": "Implementation", "Description": "Refuse to reuse nonce values."}, {"Phase": "Implementation", "Description": "Use techniques such as requiring incrementing, time based and/or challenge response to assure uniqueness of nonces."}]}, "Demonstrative_Examples": {"Demonstrative_Example": [{"Intro_Text": "This code takes a password, concatenates it with a nonce, then encrypts it before sending over a network:", "Example_Code": {"@Nature": "Bad", "@Language": "C", "xhtml:div": {"xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": [null, null, null, null, null, null], "#text": "char *nonce = \"bad\";...char *data = (unsigned char*)malloc(20);int para_size = strlen(nonce) + strlen(password);char *paragraph = (char*)malloc(para_size);SHA1((const unsigned char*)paragraph,parsize,(unsigned char*)data);sendEncryptedData(data)"}, "#text": "void encryptAndSendPassword(char *password){}"}}, "Body_Text": "Because the nonce used is always the same, an attacker can impersonate a trusted party by intercepting and resending the encrypted password. This attack avoids the need to learn the unencrypted password."}, {"Intro_Text": "This code sends a command to a remote server, using an encrypted password and nonce to prove the command is from a trusted party:", "Example_Code": {"@Nature": "Bad", "@Language": "C++", "xhtml:div": {"xhtml:br": [null, null, null, null, null, null, null], "#text": "String command = new String(\"some command to execute\");MessageDigest nonce = MessageDigest.getInstance(\"SHA\");nonce.update(String.valueOf(\"bad nonce\"));byte[] nonce = nonce.digest();MessageDigest password = MessageDigest.getInstance(\"SHA\");password.update(nonce + \"secretPassword\");byte[] digest = password.digest();sendCommand(digest, command)"}}, "Body_Text": "Once again the nonce used is always the same. An attacker may be able to replay previous legitimate commands or execute new arbitrary commands."}]}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-2024-36289", "Description": "social networking app reuses a nonce/key pair, allowing MITM attackers to manipulate direct messages", "Link": "https://www.cve.org/CVERecord?id=CVE-2024-36289"}, {"Reference": "CVE-2024-21530", "Description": "Rust package reuses a nonce/key pair when an object is cloned, which resets the random number generation", "Link": "https://www.cve.org/CVERecord?id=CVE-2024-21530"}]}, "Taxonomy_Mappings": {"Taxonomy_Mapping": {"@Taxonomy_Name": "CLASP", "Entry_Name": "Reusing a nonce, key pair in encryption"}}, "References": {"Reference": {"@External_Reference_ID": "REF-18"}}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Name": "CLASP", "Submission_Date": "2006-07-19", "Submission_Version": "Draft 3", "Submission_ReleaseDate": "2006-07-19"}, "Modification": [{"Modification_Name": "Eric Dalci", "Modification_Organization": "Cigital", "Modification_Date": "2008-07-01", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Time_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2008-09-08", "Modification_Version": "1.0", "Modification_ReleaseDate": "2008-09-09", "Modification_Comment": "updated Background_Details, Common_Consequences, Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-01", "Modification_Version": "1.13", "Modification_ReleaseDate": "2011-06-01", "Modification_Comment": "updated Common_Consequences"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-05-11", "Modification_Version": "2.2", "Modification_ReleaseDate": "2012-05-15", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-10-30", "Modification_Version": "2.3", "Modification_ReleaseDate": "2012-10-30", "Modification_Comment": "updated Demonstrative_Examples, Potential_Mitigations"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-07-30", "Modification_Version": "2.8", "Modification_ReleaseDate": "2014-07-31", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-11-08", "Modification_Version": "3.0", "Modification_ReleaseDate": "2017-11-08", "Modification_Comment": "updated Applicable_Platforms, Modes_of_Introduction, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-06-20", "Modification_Version": "3.3", "Modification_ReleaseDate": "2019-06-20", "Modification_Comment": "updated Type"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-10-28", "Modification_Version": "4.6", "Modification_ReleaseDate": "2021-10-28", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships, Type"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Detection_Factors, Relationships, Weakness_Ordinalities"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2026-04-30", "Modification_Version": "4.20", "Modification_ReleaseDate": "2026-04-30", "Modification_Comment": "updated Observed_Examples"}]}}
