SYM_JAVA_0114 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Reusing a Nonce, Key Pair in Encryption
| Property | Value |
|---|---|
| Language | java |
| Severity |  |
| CWE | CWE-323: Reusing a Nonce, Key Pair in Encryption |
| OWASP | A02:2021 - Cryptographic Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
When using AES-GCM encryption, reusing the same Initialization Vector (IV) with the same key for different messages makes the encryption predictable and insecure. Each encryption operation must use a new, unique IV to protect the data properly.
Impact
If the same IV and key are reused, attackers can detect patterns between encrypted messages and may be able to recover sensitive information or compromise the integrity of the data. This could lead to data leaks or unauthorized access to confidential information.