Common Weakness Enumeration

CWE-323

Allowed

Reusing a Nonce, Key Pair in Encryption

Abstraction: Base · Status: Incomplete

Nonces should be used for the present occasion and only once.

78 vulnerabilities reference this CWE, most recent first.

GHSA-MX47-H32C-X878

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-16 12:32
VLAI
Details

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the database backup API exposed by dbbak.php. Attackers can inject a crafted payload through the username parameter during login to abuse the encryption oracle in logging_ctl::logging_more(), obtain a legitimately signed token, and use it to bypass authorization for database export and import operations, with the additional ability to trigger a race condition to impersonate arbitrary users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-49952"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T20:16:29Z",
    "severity": "CRITICAL"
  },
  "details": "Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter integration and the database backup API exposed by dbbak.php. Attackers can inject a crafted payload through the username parameter during login to abuse the encryption oracle in logging_ctl::logging_more(), obtain a legitimately signed token, and use it to bypass authorization for database export and import operations, with the additional ability to trigger a race condition to impersonate arbitrary users.",
  "id": "GHSA-mx47-h32c-x878",
  "modified": "2026-06-16T12:32:01Z",
  "published": "2026-06-15T21:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49952"
    },
    {
      "type": "WEB",
      "url": "https://gitee.com/Discuz/DiscuzX/commit/9962dad52c4c6999dabaf91ecd70377c680ff3c6"
    },
    {
      "type": "WEB",
      "url": "https://karmainsecurity.com/KIS-2026-09"
    },
    {
      "type": "WEB",
      "url": "https://karmainsecurity.com/chaining-bugs-in-discuz-from-race-condition-to-rce"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/discuz-x5-0-authentication-bypass-via-dbbak-php-encryption-oracle"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2026/Jun/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-MXRV-CP62-8842

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46
VLAI
Details

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-17T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
  "id": "GHSA-mxrv-cp62-8842",
  "modified": "2025-04-20T03:46:54Z",
  "published": "2022-05-13T01:43:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13084"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/vulnerabilities/kracks"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201711-03"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
    },
    {
      "type": "WEB",
      "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.krackattacks.com"
    },
    {
      "type": "WEB",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/228519"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101274"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039576"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039577"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039581"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PHQW-PWXM-86GQ

Vulnerability from github – Published: 2026-07-02 21:32 – Updated: 2026-07-02 21:32
VLAI
Details

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution tokens from the unauthenticated login page and perform known-plaintext analysis to decrypt the webflow conversation state due to keystream reuse caused by a fixed all-zero IV paired with the same encryption key.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-59099"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-02T20:17:08Z",
    "severity": "CRITICAL"
  },
  "details": "Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution tokens from the unauthenticated login page and perform known-plaintext analysis to decrypt the webflow conversation state due to keystream reuse caused by a fixed all-zero IV paired with the same encryption key.",
  "id": "GHSA-phqw-pwxm-86gq",
  "modified": "2026-07-02T21:32:14Z",
  "published": "2026-07-02T21:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59099"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apereo/cas/commit/22c6f4adf738852782309b523b4e80371057f2d0"
    },
    {
      "type": "WEB",
      "url": "https://apereo.github.io/2026/06/18/vuln"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apereo/cas/releases/tag/v8.0.0-RC6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/geo-chen/oss/blob/main/cas.md"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/apereo-cas-rc6-aes-gcm-nonce-reuse-information-disclosure"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q4Q5-JX42-4XP9

Vulnerability from github – Published: 2026-06-25 18:30 – Updated: 2026-06-26 18:33
VLAI
Details

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-55967"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T18:16:41Z",
    "severity": "LOW"
  },
  "details": "AES-GCM encryption/decryption with extremely large cumulative single message sizes (\u003e64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery.",
  "id": "GHSA-q4q5-jx42-4xp9",
  "modified": "2026-06-26T18:33:49Z",
  "published": "2026-06-25T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55967"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wolfSSL/wolfssl/pull/10709"
    },
    {
      "type": "WEB",
      "url": "https://www.wolfssl.com/docs/security-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-QP4F-2W67-C8HW

Vulnerability from github – Published: 2022-05-24 17:07 – Updated: 2022-12-16 22:56
VLAI
Summary
Inbound TCP Agent Protocol/3 authentication bypass in Jenkins
Details

Jenkins 2.213 and earlier, LTS 2.204.1 and earlier includes support for the Inbound TCP Agent Protocol/3 for communication between controller and agents. While this protocol has been deprecated in 2018 and was recently removed from Jenkins in 2.214, it could still easily be enabled in Jenkins LTS 2.204.1, 2.213, and older.

This protocol incorrectly reuses encryption parameters which allow an unauthenticated remote attacker to determine the connection secret. This secret can then be used to connect attacker-controlled Jenkins agents to the Jenkins controller.

Jenkins 2.204.2 no longer allows for the use of Inbound TCP Agent Protocol/3 by default. The system property jenkins.slaves.JnlpSlaveAgentProtocol3.ALLOW_UNSAFE can be set to true to allow enabling the Inbound TCP Agent Protocol/3 in Jenkins 2.204.2, but doing so is strongly discouraged.

Inbound TCP Agent Protocol/3 was removed completely from Jenkins 2.214 and will not be part of Jenkins LTS after the end of the 2.204.x line.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.main:jenkins-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.204.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.main:jenkins-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.205"
            },
            {
              "fixed": "2.214"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-2099"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323",
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-16T22:56:05Z",
    "nvd_published_at": "2020-01-29T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Jenkins 2.213 and earlier, LTS 2.204.1 and earlier includes support for the Inbound TCP Agent Protocol/3 for communication between controller and agents. While [this protocol has been deprecated in 2018](https://www.jenkins.io/changelog-old/#v2.128) and was recently removed from Jenkins in 2.214, it could still easily be enabled in Jenkins LTS 2.204.1, 2.213, and older.\n\nThis protocol incorrectly reuses encryption parameters which allow an unauthenticated remote attacker to determine the connection secret. This secret can then be used to connect attacker-controlled Jenkins agents to the Jenkins controller.\n\nJenkins 2.204.2 no longer allows for the use of Inbound TCP Agent Protocol/3 by default. The system property `jenkins.slaves.JnlpSlaveAgentProtocol3.ALLOW_UNSAFE` can be set to `true` to allow enabling the Inbound TCP Agent Protocol/3 in Jenkins 2.204.2, but doing so is strongly discouraged.\n\nInbound TCP Agent Protocol/3 was removed completely from Jenkins 2.214 and will not be part of Jenkins LTS after the end of the 2.204.x line.",
  "id": "GHSA-qp4f-2w67-c8hw",
  "modified": "2022-12-16T22:56:05Z",
  "published": "2022-05-24T17:07:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-2099"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/jenkins/commit/5054bc6e12e1022993d719f66e289ab1d22ae854"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2020:0402"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2020:0675"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0681"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0683"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/jenkins"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1682"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/01/29/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Inbound TCP Agent Protocol/3 authentication bypass in Jenkins"
}

GHSA-QV2Q-C278-PCH5

Vulnerability from github – Published: 2026-05-21 21:49 – Updated: 2026-05-21 21:49
VLAI
Summary
ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse
Details

The PasskeyEncipherImage method is vulnerable to information disclosure via AES-CTR nonce reuse. ImageMagick has update the documentation on its website to make it more clear that this is happening: https://imagemagick.org/cipher/

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-HDRI-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q16-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-AnyCPU"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-OpenMP-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-arm64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Magick.NET-Q8-x86"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.12.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-323",
      "CWE-330"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-21T21:49:09Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "The PasskeyEncipherImage method is vulnerable to information disclosure via AES-CTR nonce reuse. ImageMagick has update the documentation on its website to make it more clear that this is happening: https://imagemagick.org/cipher/",
  "id": "GHSA-qv2q-c278-pch5",
  "modified": "2026-05-21T21:49:09Z",
  "published": "2026-05-21T21:49:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qv2q-c278-pch5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ImageMagick/ImageMagick"
    },
    {
      "type": "WEB",
      "url": "https://imagemagick.org/cipher"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ImageMagick: Information Disclosure in PasskeyEncipherImage via AES-CTR nonce reuse"
}

GHSA-QVR8-F9G3-WV5X

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46
VLAI
Details

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-17T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",
  "id": "GHSA-qvr8-f9g3-wv5x",
  "modified": "2025-04-20T03:46:56Z",
  "published": "2022-05-13T01:43:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13088"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2907"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/vulnerabilities/kracks"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en-us/advisories/vde-2017-005"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201711-03"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-11-01"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-17420"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa"
    },
    {
      "type": "WEB",
      "url": "https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt"
    },
    {
      "type": "WEB",
      "url": "https://www.krackattacks.com"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3999"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/228519"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101274"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039573"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039576"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039577"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039578"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039581"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3455-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2JW-C95Q-RJ29

Vulnerability from github – Published: 2024-10-02 06:30 – Updated: 2025-12-29 22:23
VLAI
Summary
Duplicate Advisory: cocoon Reuses a Nonce, Key Pair in Encryption
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-6878-6wc2-pf5h. This link is maintained to preserve external references.

Original Description

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object.

Note: The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "cocoon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-323"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-02T17:57:49Z",
    "nvd_published_at": "2024-10-02T05:15:11Z",
    "severity": "MODERATE"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-6878-6wc2-pf5h. This link is maintained to preserve external references.\n\n### Original Description\nVersions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object.\n\n**Note:**\nThe issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.",
  "id": "GHSA-r2jw-c95q-rj29",
  "modified": "2025-12-29T22:23:36Z",
  "published": "2024-10-02T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21530"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fadeevab/cocoon/issues/22"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fadeevab/cocoon/commit/1b6392173ce35db4736a94b62b2d2973f9a71441"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-6878-6wc2-pf5h"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fadeevab/cocoon"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2023-0068.html"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-RUST-COCOON-6028364"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Duplicate Advisory: cocoon Reuses a Nonce, Key Pair in Encryption",
  "withdrawn": "2025-12-29T22:23:36Z"
}

GHSA-R727-5V4M-6FX7

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36
VLAI
Details

A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-7902"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-323",
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-30T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A \"Reusing a Nonce, Key Pair in Encryption\" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed.",
  "id": "GHSA-r727-5v4m-6fx7",
  "modified": "2022-05-13T01:36:16Z",
  "published": "2022-05-13T01:36:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7902"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038546"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V84F-6R39-CPFC

Vulnerability from github – Published: 2023-09-15 00:30 – Updated: 2023-09-15 19:03
VLAI
Summary
HashiCorp Vault Improper Input Validation vulnerability
Details

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/vault"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.6.0"
            },
            {
              "fixed": "1.12.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/vault"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.13.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/vault"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.14.0"
            },
            {
              "fixed": "1.14.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-4680"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-323"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-15T19:03:05Z",
    "nvd_published_at": "2023-09-15T00:15:07Z",
    "severity": "MODERATE"
  },
  "details": "HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.",
  "id": "GHSA-v84f-6r39-cpfc",
  "modified": "2023-09-15T19:03:05Z",
  "published": "2023-09-15T00:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4680"
    },
    {
      "type": "WEB",
      "url": "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hashicorp/vault"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "HashiCorp Vault Improper Input Validation vulnerability"
}

Mitigation
Implementation

Refuse to reuse nonce values.

Mitigation
Implementation

Use techniques such as requiring incrementing, time based and/or challenge response to assure uniqueness of nonces.

No CAPEC attack patterns related to this CWE.