Reusing a Nonce, Key Pair in Encryption

Incomplete Base
Structure: Simple
Description

Nonces should be used for the present occasion and only once.

Common Consequences
Scope: Access Control

Impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity

If nonces are allowed to be reused, an attacker could potentially craft a replay attack, in which the same data is sent twice. This could allow a user to send a message that masquerades as a valid message from a valid user.

Potential Mitigations
Phase: Implementation
Refuse to reuse nonce values.
Phase: Implementation
Use techniques such as requiring incrementing, time-based, and/or challenge-response nonces to assure uniqueness.
Demonstrative Examples
This code takes a password, concatenates it with a nonce, then encrypts it before sending over a network:

Code Example:

Bad
C
Because the nonce used is always the same, an attacker can impersonate a trusted party by intercepting and resending the encrypted password. This attack avoids the need to learn the unencrypted password.
This code sends a command to a remote server, using an encrypted password and nonce to prove the command is from a trusted party:

Code Example:

Bad
C++
Once again the nonce used is always the same. An attacker may be able to replay previous legitimate commands or execute new arbitrary commands.
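For contrast with the two examples above, the following added example (not part of the original entry) applies the challenge-response mitigation to a command channel: the receiver issues a fresh random nonce per request and refuses any nonce it did not issue or has already consumed. The class and function names, the HMAC-SHA256 construction used in place of the entry's encrypted password, and the sample key and command are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class CommandServer:
    """Receiver side: issues one-time challenges and refuses any reuse."""

    def __init__(self, key: bytes):
        self._key = key
        self._outstanding = set()  # nonces issued but not yet consumed

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh random nonce per request
        self._outstanding.add(nonce)
        return nonce

    def accept(self, nonce: bytes, command: bytes, tag: bytes) -> bool:
        # A nonce we never issued, or one already consumed, is refused.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)  # single use, even if the tag is bad
        # The nonce has a fixed length, so nonce + command is unambiguous.
        expected = hmac.new(self._key, nonce + command, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def sign_command(key: bytes, nonce: bytes, command: bytes) -> bytes:
    """Sender side: bind the command to the server's challenge."""
    return hmac.new(key, nonce + command, hashlib.sha256).digest()


def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed shared secret
    server = CommandServer(key)
    nonce = server.new_challenge()
    command = b"status"  # constructed sample command
    tag = sign_command(key, nonce, command)
    first = server.accept(nonce, command, tag)
    replay = server.accept(nonce, command, tag)  # captured message resent
    # A tag computed for one challenge does not verify under another.
    other = server.new_challenge()
    cross = server.accept(other, command, tag)
    return {"first": first, "replay": replay, "cross": cross}


if __name__ == "__main__":
    print(demo())
```

The nonce is consumed before the tag is checked, so a failed verification cannot be retried against the same challenge.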
References
The CLASP Application Security Process
Secure Software, Inc.
2005
ID: REF-18
Likelihood of Exploit

High

Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Taxonomy Mapping
  • CLASP