CWE-323Reusing a Nonce, Key Pair in Encryption

PUBLISHEDweakness recordHigh
released 2006-07-19 · last modified 2026-04-30

Metadata

CWE ID:
CWE-323
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2026-04-30

名称

Reusing a Nonce, Key Pair in Encryption

描述

Nonces should be used for the present occasion and only once.

常见后果

范围:
Access Control
影响:
Bypass Protection Mechanism, Gain Privileges or Assume Identity
注释:
Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user.

相关 CWE