VYPR

CWE-323

Reusing a Nonce, Key Pair in Encryption

Base | Incomplete | Likelihood: High

Description

Nonces should be used for the present occasion and only once.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (24)

page 2 of 2
  • CVE-2024-41951 | Med | Jul 31, 2024
    risk 0.22 | cvss 4.4 | epss 0.00

    Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. The issue is that the map of encoding/decoding languages is visible in code. The problem was patched in 0.2.4.

  • CVE-2024-23688 | Jan 19, 2024
    risk 0.00 | cvss | epss 0.00

    Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session, which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.

  • CVE-2023-4680 | Sep 14, 2023
    risk 0.00 | cvss | epss 0.00

    HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially…

  • CVE-2020-2099 | Jan 29, 2020
    risk 0.00 | cvss | epss 0.01

    Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to…