Back to CWE list
CWE-323
Reusing a Nonce, Key Pair in Encryption
Base
Incomplete
Description
Nonces should be used for the present occasion and only once.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Access Control
Impact
Bypass Protection Mechanism, Gain Privileges or Assume Identity
Potential Mitigations
Implementation
Refuse to reuse nonce values.
Implementation
Use techniques such as requiring incrementing, time based and/or challenge response to assure uniqueness of nonces.
CVE-2024-36289social networking app reuses a nonce/key pair, allowing MITM attackers to manipulate direct messages
CVE-2024-21530Rust package reuses a nonce/key pair when an object is cloned, which resets the random number generation
Applicable Platforms
Not Language-Specific
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now