CWE-323βReusing a Nonce, Key Pair in Encryption
PUBLISHEDweakness recordHigh
released 2006-07-19 Β· last modified 2026-04-30
Metadata
- CWE ID:
- CWE-323
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Incomplete
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2026-04-30
Weakness Name
Reusing a Nonce, Key Pair in Encryption
Description
Nonces should be used for the present occasion and only once.
Common Consequences
- Scope:
- Access Control
- Impact:
- Bypass Protection Mechanism, Gain Privileges or Assume Identity
- Notes:
- Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user.