CWE-329: Generation of Predictable IV with CBC Mode

Description

The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

CBC mode eliminates a weakness of Electronic Code Book (ECB) mode by allowing identical plaintext blocks to be encrypted to different ciphertext blocks. This is possible by the XOR-ing of an IV with the initial plaintext block so that every plaintext block in the chain is XOR'd with a different value before encryption. If IVs are reused, then identical plaintexts would be encrypted to identical ciphertexts. However, even if IVs are not identical but are predictable, then they still break the security of CBC mode against Chosen Plaintext Attacks (CPA).

Example Vulnerable Codes

Example - 1

In the following examples, CBC mode is used when encrypting data:


EVP_CIPHER_CTX ctx;char key[EVP_MAX_KEY_LENGTH];char iv[EVP_MAX_IV_LENGTH];RAND_bytes(key, b);memset(iv,0,EVP_MAX_IV_LENGTH);EVP_EncryptInit(&ctx,EVP_bf_cbc(), key,iv);

0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
byte[] text ="Secret".getBytes();byte[] iv ={};KeyGenerator kg = KeyGenerator.getInstance("DES");kg.init(56);SecretKey key = kg.generateKey();Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");IvParameterSpec ips = new IvParameterSpec(iv);cipher.init(Cipher.ENCRYPT_MODE, key, ips);return cipher.doFinal(inpBytes);public static void main() {}public class SymmetricCipherTest {}

In both of these examples, the initialization vector (IV) is always a block of zeros. This makes the resulting cipher text much more predictable and susceptible to a dictionary attack.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-573: Improper Following of Specification by Caller
Go to
CWE-1204: Generation of Weak Initialization Vector (IV)
Go to

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Nov. 05, 2024 12:44