BaseIncomplete

CWE-323Reusing a Nonce, Key Pair in Encryption

Category: data-exposure

Description

Nonces should be used for the present occasion and only once.

Common consequences· 1

  • Access Control — Bypass Protection Mechanism, Gain Privileges or Assume Identity
    Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user.

Potential mitigations· 2

  • [Implementation]Refuse to reuse nonce values.
  • [Implementation]Use techniques such as requiring incrementing, time based and/or challenge response to assure uniqueness of nonces.

References

  1. https://cwe.mitre.org/data/definitions/323.html

(incoming)4

TypeTargetConfidenceTier
VulnerabilityCVE-2025-47345cve-2025-473450%live
VulnerabilityCVE-2025-59870cve-2025-598700%live
VulnerabilityCVE-2025-64767cve-2025-647670%live
VulnerabilityCVE-2026-3559cve-2026-35590%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Public Key Re-Use for Signing both Debug and Production Code
CWE
Authentication Bypass by Primary Weakness
CWE
Improper Handling of Insufficient Entropy in TRNG
CWE
Authentication Bypass by Assumed-Immutable Data
CWE
Same Seed in Pseudo-Random Number Generator (PRNG)
CWE
Improper Restriction of Excessive Authentication Attempts
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.