VYPR

CWE-323

Reusing a Nonce, Key Pair in Encryption

BaseIncompleteLikelihood: High

Description

Nonces should be used for the present occasion and only once.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (24)

page 1 of 2
  • CVE-2017-7902CriJun 30, 2017
    risk 0.64cvss 9.8epss 0.03

    A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions;…

  • CVE-2026-12205CriJun 15, 2026
    risk 0.59cvss 9.1epss 0.00

    Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later…

  • CVE-2026-3559HigMar 16, 2026
    risk 0.53cvss 8.1epss 0.00

    Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2017-13082HigOct 17, 2017
    risk 0.53cvss 8.1epss 0.05

    Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2026-49952CriJun 15, 2026
    risk 0.52cvss 9.1epss 0.00

    Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter…

  • CVE-2025-64767CriNov 21, 2025
    risk 0.52cvss 9.1epss 0.00

    hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal() API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal() calls. This can lead to complete…

  • CVE-2025-61739HigDec 22, 2025
    risk 0.47cvss epss 0.00

    Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.

  • CVE-2023-7003MedMar 15, 2024
    risk 0.44cvss 6.8epss 0.00

    The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware.

  • CVE-2017-13086MedOct 17, 2017
    risk 0.44cvss 6.8epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2017-13084MedOct 17, 2017
    risk 0.44cvss 6.8epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

  • CVE-2026-5446HigApr 9, 2026
    risk 0.39cvss 7.1epss 0.00

    In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the…

  • CVE-2024-11022MedDec 6, 2024
    risk 0.36cvss 5.6epss 0.00

    The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable for a replay attack.

  • CVE-2017-13088MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points…

  • CVE-2017-13081MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

  • CVE-2017-13080MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

  • CVE-2017-13079MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.

  • CVE-2017-13078MedOct 17, 2017
    risk 0.35cvss 5.3epss 0.02

    Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

  • CVE-2024-36289MedJun 17, 2024
    risk 0.34cvss 5.3epss 0.00

    Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack.

  • CVE-2026-45028MedMay 13, 2026
    risk 0.33cvss 6.1epss 0.00

    Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one…

  • CVE-2024-21530MedOct 2, 2024
    risk 0.22cvss 4.5epss 0.00

    Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon…