CWE-323: Reusing a Nonce, Key Pair in Encryption

Description

Nonces should be used for the present occasion and only once.

Submission Date :

2006-07-19

Modification Date :

2023-06-29

Organization :

MITRE

Example Vulnerable Codes

Example - 1

This code takes a password, concatenates it with a nonce, then hashes the result with SHA-1 (which the example calls encryption) before sending it over a network:


#include <openssl/sha.h>
#include <stdlib.h>
#include <string.h>

void sendEncryptedData(unsigned char *data); /* defined elsewhere in the example */

void encryptAndSendPassword(char *password) {
    char *nonce = "bad";                       /* fixed nonce: the weakness this example shows */
    /* ... */
    unsigned char *data = (unsigned char *)malloc(SHA_DIGEST_LENGTH);
    int para_size = strlen(nonce) + strlen(password);
    char *paragraph = (char *)malloc(para_size + 1);
    memcpy(paragraph, nonce, strlen(nonce));                 /* paragraph = nonce || password */
    memcpy(paragraph + strlen(nonce), password, strlen(password) + 1);
    SHA1((const unsigned char *)paragraph, para_size, data); /* a SHA-1 digest, not encryption */
    sendEncryptedData(data);
}

Because the nonce is always the same, the digest that is sent is identical on every run. An attacker who intercepts it once can resend it and impersonate the trusted party, without ever learning the unencrypted password.

Example - 2

This code sends a command to a remote server, using an encrypted password and nonce to prove the command is from a trusted party:


import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

void sendAuthenticatedCommand() throws NoSuchAlgorithmException {
    String command = new String("some command to execute");
    MessageDigest nonceDigest = MessageDigest.getInstance("SHA");
    nonceDigest.update("bad nonce".getBytes(StandardCharsets.UTF_8)); // fixed nonce input: the weakness
    byte[] nonce = nonceDigest.digest();                               // same bytes on every run
    MessageDigest password = MessageDigest.getInstance("SHA");
    password.update(nonce);                                            // digest over nonce || password
    password.update("secretPassword".getBytes(StandardCharsets.UTF_8));
    byte[] digest = password.digest();                                 // the command is not covered
    sendCommand(digest, command);
}

Once again the nonce is always the same, so the digest is identical on every run; it also does not cover the command. An attacker who captures one message can replay the digest with a previous legitimate command, or pair it with a new, arbitrary command.
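The replay that both examples describe, shown end to end as an added example that is not part of the CWE entry: a client and server sharing a password, the page's fixed-nonce digest on the vulnerable side, and on the fixed side a server-issued single-use random nonce with an HMAC that also binds the command. Python is used instead of the C and Java of the examples so both sides of the exchange fit in one runnable file; the password, the commands and the class and function names are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Shared secret and sample commands, constructed for this demonstration.
PASSWORD = b"secretPassword"
LEGIT_COMMAND = b"list files"
ATTACK_COMMAND = b"delete everything"


def vulnerable_token(password: bytes) -> bytes:
    """Token built the way the page's examples do: SHA-1 over a fixed nonce and
    the password. It is identical on every run and independent of the command."""
    nonce = b"bad nonce"  # fixed nonce: the weakness (CWE-323)
    return hashlib.sha1(nonce + password).digest()


class VulnerableServer:
    """Accepts a command if the token equals SHA-1(fixed nonce || password)."""

    def __init__(self, password: bytes) -> None:
        self.password = password

    def accept(self, token: bytes, command: bytes) -> bool:
        # 'command' is never checked against the token: one captured token works for any command.
        return hmac.compare_digest(token, vulnerable_token(self.password))


def client_tag(password: bytes, nonce: bytes, command: bytes) -> bytes:
    """What the fixed client sends: HMAC-SHA256 keyed by the password over nonce || command."""
    return hmac.new(password, nonce + command, hashlib.sha256).digest()


class FixedServer:
    """Issues a fresh random nonce per request and accepts each nonce only once."""

    def __init__(self, password: bytes) -> None:
        self.password = password
        self.outstanding: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # unpredictable 128-bit nonce
        self.outstanding.add(nonce)
        return nonce

    def accept(self, nonce: bytes, tag: bytes, command: bytes) -> bool:
        if nonce not in self.outstanding:
            return False  # never issued, or already consumed: a replay
        self.outstanding.discard(nonce)  # single use; consumed before verification
        expected = client_tag(self.password, nonce, command)
        return hmac.compare_digest(tag, expected)


def demo_vulnerable() -> tuple:
    """Returns (legitimate message accepted, replayed token with a new command accepted)."""
    server = VulnerableServer(PASSWORD)
    captured = vulnerable_token(PASSWORD)  # attacker sniffs one legitimate message
    legit = server.accept(captured, LEGIT_COMMAND)
    replay = server.accept(captured, ATTACK_COMMAND)  # no password needed
    return legit, replay


def demo_fixed() -> tuple:
    """Returns (legitimate accepted, same nonce replayed accepted, old tag on a fresh nonce accepted)."""
    server = FixedServer(PASSWORD)
    nonce = server.challenge()
    tag = client_tag(PASSWORD, nonce, LEGIT_COMMAND)
    legit = server.accept(nonce, tag, LEGIT_COMMAND)
    replay = server.accept(nonce, tag, LEGIT_COMMAND)  # nonce already consumed
    fresh = server.challenge()
    forged = server.accept(fresh, tag, ATTACK_COMMAND)  # tag is bound to the old nonce and command
    return legit, replay, forged


if __name__ == "__main__":
    print("vulnerable (legit, replay):", demo_vulnerable())
    print("fixed (legit, replay, forged):", demo_fixed())
```

Two things change on the fixed side, and both matter: the nonce is chosen by the verifier, is unpredictable, and is struck from the outstanding set the moment it is presented, so a second use is refused even if the tag is correct; and the proof is an HMAC over the nonce and the command rather than a bare hash of nonce and password, so a captured tag cannot be paired with a different command. A monotonically increasing counter can replace the random nonce only if the server persists the last value it accepted, otherwise a restart reopens the replay window.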

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give an overview of similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.