Reusing a Nonce, Key Pair in Encryption

Status: Incomplete
Abstraction: Base
Structure: Simple
Description

This vulnerability occurs when a cryptographic nonce or key pair is reused, compromising the security of the encrypted data.

Extended Description

In cryptography, a nonce (number used once) is a random or pseudo-random value that should be used for a single encryption session or transaction. Reusing it, or reusing the same key pair in a similar context, can allow attackers to decrypt messages, forge authentication, or break the encryption scheme entirely. This fundamentally undermines the security guarantees that modern encryption is designed to provide. To prevent this, developers must ensure nonces and ephemeral key pairs are generated uniquely for every single operation. Implement systems that securely manage state to guarantee no value is repeated, and prefer using well-vetted cryptographic libraries that handle this automatically, rather than attempting custom implementations.

Common Consequences

Scope: Access Control

Impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity

If nonces are allowed to be reused, an attacker could mount a replay attack by capturing a message and sending the same data a second time. This could allow an attacker to send a message that masquerades as a valid message from a valid user.

Potential Mitigations

Phase: Implementation
Refuse to reuse nonce values.

Phase: Implementation
Use techniques such as incrementing counters, time-based values, and/or challenge-response exchanges to assure the uniqueness of nonces.
Demonstrative Examples

This code takes a password, concatenates it with a nonce, then encrypts it before sending over a network:

Code Example (Bad, C): [listing missing]

Because the nonce used is always the same, an attacker can impersonate a trusted party by intercepting and resending the encrypted password. This attack avoids the need to learn the unencrypted password.
This code sends a command to a remote server, using an encrypted password and nonce to prove the command is from a trusted party:

Code Example (Bad, C++): [listing missing]

Once again the nonce used is always the same. An attacker may be able to replay previous legitimate commands or execute new arbitrary commands.
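An added illustration of the replay consequence in the two examples above and of the incrementing-nonce mitigation listed under Potential Mitigations (example code added here, not from CWE or the CLASP listings, and in Python rather than the C/C++ of the original listings): the client authenticates each command with an HMAC over a nonce and the command; a naive server checks only the MAC and so accepts a replayed message, while the hardened server additionally rejects any nonce not strictly greater than the last one it accepted. SHARED_KEY, the message layout and the server class names are assumptions.

```python
import hmac
import hashlib

# Constructed demo key shared by client and server (an assumption; real keys come from key management).
SHARED_KEY = b"demo-shared-key-do-not-use"
NONCE_LEN, TAG_LEN = 8, 32  # 64-bit counter nonce, HMAC-SHA256 tag

def make_message(key: bytes, nonce: int, command: bytes) -> bytes:
    """Client side: bind the command to a nonce and authenticate both under the shared key."""
    body = nonce.to_bytes(NONCE_LEN, "big") + command
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag

def _mac_ok(key: bytes, msg: bytes) -> bool:
    """True only if the message is long enough and its tag verifies (constant-time compare)."""
    if len(msg) < NONCE_LEN + TAG_LEN:
        return False
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

class NaiveServer:
    """Bad: checks only that the message is authentic, so a captured message can be resent forever."""
    def __init__(self, key: bytes):
        self.key = key
    def accept(self, msg: bytes) -> bool:
        return _mac_ok(self.key, msg)

class ReplayResistantServer:
    """Good: also requires each nonce to be strictly greater than the last one accepted."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_nonce = -1  # nothing accepted yet
    def accept(self, msg: bytes) -> bool:
        if not _mac_ok(self.key, msg):
            return False  # forged or corrupted message
        nonce = int.from_bytes(msg[:NONCE_LEN], "big")
        if nonce <= self.last_nonce:
            return False  # replayed (or reordered) message: this nonce was already used
        self.last_nonce = nonce
        return True

def replay_demo() -> tuple:
    """Deliver one command, then resend the identical bytes; returns (naive accepts replay, hardened accepts replay)."""
    naive, hardened = NaiveServer(SHARED_KEY), ReplayResistantServer(SHARED_KEY)
    msg = make_message(SHARED_KEY, 1, b"transfer 100")
    first = (naive.accept(msg), hardened.accept(msg))  # original delivery: (True, True)
    return naive.accept(msg), hardened.accept(msg)  # replay: (True, False)
```

The counter in ReplayResistantServer must be persisted across restarts, or a reboot reopens the replay window for every message captured before it.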
References

[REF-18] Secure Software, Inc. "The CLASP Application Security Process". 2005.
Likelihood of Exploit

High

Applicable Platforms

Languages: Not Language-Specific (Prevalence: Undetermined)
Modes of Introduction
Architecture and Design
Taxonomy Mapping
  • CLASP