CWE-323: Reusing a Nonce, Key Pair in Encryption

Base Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

Nonces should be used for the present occasion and only once.

常见后果

影响范围: Access Control

技术影响: Bypass Protection Mechanism Gain Privileges or Assume Identity

说明: Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user.

潜在缓解措施

阶段: Implementation

描述: Refuse to reuse nonce values.

阶段: Implementation

描述: Use techniques such as requiring incrementing, time based and/or challenge response to assure uniqueness of nonces.

引入模式

阶段 说明
Architecture and Design REALIZATION: This weakness is caused during implementation of an architectural security tactic.

适用平台

编程语言
Not Language-Specific (Undetermined)

分类映射

分类名称 条目ID 条目名称 映射适配度
CLASP - Reusing a nonce, key pair in encryption -
关键信息

CWE ID: CWE-323

抽象级别: Base

结构: Simple

状态: Incomplete

利用可能性: High

相关弱点
ChildOf CWE-344

Use of Invariant Value in Dynamically Changing Context

Base
返回列表