CWE-323 在加密中重用Nonce与密钥对
Reusing a Nonce, Key Pair in Encryption
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: High
基本描述
Nonces should be used for the present occasion and only once.
相关缺陷
- cwe_Nature: ChildOf cwe_CWE_ID: 344 cwe_View_ID: 1000 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Access Control | ['Bypass Protection Mechanism', 'Gain Privileges or Assume Identity'] | Potentially a replay attack, in which an attacker could send the same data twice, could be crafted if nonces are allowed to be reused. This could allow a user to send a message which masquerades as a valid message from a valid user. |
可能的缓解方案
Implementation
策略:
Refuse to reuse nonce values.
Implementation
策略:
Use techniques such as requiring incrementing, time based and/or challenge response to assure uniqueness of nonces.
示例代码
例
This code takes a password, concatenates it with a nonce, then encrypts it before sending over a network:
bad C
...
char data = (unsigned char)malloc(20);
int para_size = strlen(nonce) + strlen(password);
char paragraph = (char)malloc(para_size);
SHA1((const unsigned char)paragraph,parsize,(unsigned char)data);
sendEncryptedData(data)
Because the nonce used is always the same, an attacker can impersonate a trusted party by intercepting and resending the encrypted password. This attack avoids the need to learn the unencrypted password.
例
This code sends a command to a remote server, using an encrypted password and nonce to prove the command is from a trusted party:
bad C++
MessageDigest nonce = MessageDigest.getInstance("SHA");
nonce.update(String.valueOf("bad nonce"));
byte[] nonce = nonce.digest();
MessageDigest password = MessageDigest.getInstance("SHA");
password.update(nonce + "secretPassword");
byte[] digest = password.digest();
sendCommand(digest, command)
Once again the nonce used is always the same. An attacker may be able to replay previous legitimate commands or execute new arbitrary commands.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| CLASP | Reusing a nonce, key pair in encryption |