SYM_JAVA_0115 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Reusing a Nonce, Key Pair in Encryption
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-323: Reusing a Nonce, Key Pair in Encryption |
OWASP | A02:2021 - Cryptographic Failures |
Confidence Level | High |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The code reuses the same IV/nonce value with GCM encryption instead of generating a new, random value for each encryption. This makes the encryption predictable and breaks the security guarantees of GCM mode.
Impact
If the nonce is reused, attackers can decrypt or tamper with encrypted data, potentially exposing sensitive information or allowing data manipulation. This undermines the effectiveness of encryption and can lead to serious breaches of confidentiality and integrity.