VYPR

CWE-1204

Generation of Weak Initialization Vector (IV)

BaseIncomplete

Description

The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.

By design, some cryptographic primitives (such as block ciphers) require that IVs must have certain properties for the uniqueness and/or unpredictability of an IV. Primitives may vary in how important these properties are. If these properties are not maintained, e.g. by a bug in the code, then the cryptography may be weakened or broken by attacking the IVs themselves.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-20 · CAPEC-97

CVEs mapped to this weakness (2)

  • CVE-2026-5087HigMar 31, 2026
    risk 0.49cvss 7.5epss 0.00

    PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely. PAGI::Middleware::Session::Store::Cookie attempts to read bytes from the /dev/urandom device directly. If that fails (for example, on systems without the device, such…

  • CVE-2025-0714MedFeb 17, 2025
    risk 0.42cvss 6.5epss 0.00

    The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm,…