CWE-323 - Reusing a Nonce, Key Pair in Encryption
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
Reusing a Nonce, Key Pair in Encryption
Description
Nonces should be used for the present occasion and only once.
Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity
Notes: Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user.
Related Weaknesses
CWE-344Use of Invariant Value in Dynamically Changing Context
Max severity RCE flaw discovered in widely used Apache Parquet
Hunters International shifts from ransomware to pure data extortion
CISA warns of Fast Flux DNS evasion used by cybercrime gangs
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
Ivanti patches Connect Secure zero-day exploited since mid-March
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
Texas State Bar warns of data breach after INC ransomware claims attack
Recent GitHub supply chain attack traced to leaked SpotBugs token
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability