Property
Language: kotlin
Severity: low
CWE: CWE-323: Reusing a Nonce, Key Pair in Encryption
OWASP: A02:2021 - Cryptographic Failures
Confidence Level: Low
Impact Level: Low
Likelihood Level: Low

Description

The code uses AES-GCM encryption but may be reusing the same Initialization Vector (IV) or nonce with the same key. This makes the encrypted data vulnerable, because messages encrypted under the same key and IV expose patterns in the ciphertext.

Impact

If the IV or nonce is reused, attackers can analyze multiple encrypted messages to reveal similarities or even recover parts of the plaintext, potentially exposing sensitive information like user data or credentials. This weakens encryption and can lead to significant data breaches.
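
The flagged pattern beside a corrected one, as an added example that is not part of the original rule page. The function names (`encryptReusedIv`, `encryptFreshIv`, `decrypt`) and the sample plaintexts are constructed for illustration; the corrected version assumes a random 96-bit IV stored in front of the ciphertext.

```kotlin
import java.security.SecureRandom
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

private const val IV_BYTES = 12   // 96-bit nonce, the recommended size for GCM
private const val TAG_BITS = 128  // authentication tag length

// Flagged pattern: every message under `key` is encrypted with the same IV.
private val FIXED_IV = ByteArray(IV_BYTES)  // all zeros, constructed for illustration

fun encryptReusedIv(key: SecretKey, plaintext: ByteArray): ByteArray {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, key, GCMParameterSpec(TAG_BITS, FIXED_IV))
    return cipher.doFinal(plaintext)
}

// Corrected pattern: a fresh random IV per message, prepended to the ciphertext.
private val rng = SecureRandom()

fun encryptFreshIv(key: SecretKey, plaintext: ByteArray): ByteArray {
    val iv = ByteArray(IV_BYTES).also { rng.nextBytes(it) }
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, key, GCMParameterSpec(TAG_BITS, iv))
    return iv + cipher.doFinal(plaintext)
}

fun decrypt(key: SecretKey, message: ByteArray): ByteArray {
    require(message.size >= IV_BYTES + TAG_BITS / 8) { "message too short" }
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(TAG_BITS, message, 0, IV_BYTES))
    return cipher.doFinal(message, IV_BYTES, message.size - IV_BYTES)
}

fun main() {
    val key = KeyGenerator.getInstance("AES").apply { init(256) }.generateKey()
    val a = "user=alice;role=admin".toByteArray()  // constructed sample plaintexts
    val b = "user=alice;role=guest".toByteArray()

    // Same key and same IV: equal plaintext bytes produce equal ciphertext bytes.
    val ca = encryptReusedIv(key, a); val cb = encryptReusedIv(key, b)
    val shared = ca.zip(cb).takeWhile { (x, y) -> x == y }.size
    println("reused IV: first $shared ciphertext bytes identical")

    val fa = encryptFreshIv(key, a); val fb = encryptFreshIv(key, a)
    println("fresh IV: same plaintext, ciphertexts equal = ${fa.contentEquals(fb)}")
    println("round trip ok = ${decrypt(key, fa).contentEquals(a)}")
}
```

When reviewing a finding from this rule, check where the `GCMParameterSpec` bytes come from: a constant, a value derived only from the key, or a counter that resets on restart all repeat the IV under the same key.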