CWE-323β€”Reusing a Nonce, Key Pair in Encryption

PUBLISHEDweakness recordHigh
released 2006-07-19 Β· last modified 2026-04-30

Metadata

CWE ID:
CWE-323
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2006-07-19
Latest Modification Date:
2026-04-30

Weakness Name

Reusing a Nonce, Key Pair in Encryption

Description

Nonces should be used for the present occasion and only once.

Common Consequences

Scope:
Access Control
Impact:
Bypass Protection Mechanism, Gain Privileges or Assume Identity
Notes:
Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user.

Related Weaknesses