Detalle CWE-1204

CWE-1204

Generation of Weak Initialization Vector (IV)
Incomplete
2021-03-15
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notificaciones para un CWE
Manténgase informado sobre cualquier cambio en un CWE específico.
Gestionar notificaciones

Nombre: Generation of Weak Initialization Vector (IV)

The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.

Descripción CWE

By design, some cryptographic primitives (such as block ciphers) require that IVs must have certain properties for the uniqueness and/or unpredictability of an IV. Primitives may vary in how important these properties are. If these properties are not maintained, e.g. by a bug in the code, then the cryptography may be weakened or broken by attacking the IVs themselves.

Informaciones generales

Modos de introducción

Implementation

Plataformas aplicables

Lenguaje

Class: Not Language-Specific (Undetermined)

Consecuencias comunes

Alcance Impacto Probabilidad
ConfidentialityRead Application Data

Note: If the IV is not properly initialized, data that is encrypted can be compromised and information about the data can be leaked. See [REF-1179].

Ejemplos observados

Referencias Descripción

CVE-2020-1472

ZeroLogon vulnerability - use of a static IV of all zeroes in AES-CFB8 mode

CVE-2011-3389

BEAST attack in SSL 3.0 / TLS 1.0. In CBC mode, chained initialization vectors are non-random, allowing decryption of HTTPS traffic using a chosen plaintext attack.

CVE-2001-0161

wireless router does not use 6 of the 24 bits for WEP encryption, making it easier for attackers to decrypt traffic

CVE-2001-0160

WEP card generates predictable IV values, making it easier for attackers to decrypt traffic

CVE-2017-3225

device bootloader uses a zero initialization vector during AES-CBC

CVE-2016-6485

crypto framework uses PHP rand function - which is not cryptographically secure - for an initialization vector

CVE-2014-5386

encryption routine does not seed the random number generator, causing the same initialization vector to be generated repeatedly

CVE-2020-5408

encryption functionality in an authentication framework uses a fixed null IV with CBC mode, allowing attackers to decrypt traffic in applications that use this functionality

CVE-2017-17704

messages for a door-unlocking product use a fixed IV in CBC mode, which is the same after each restart

CVE-2017-11133

application uses AES in CBC mode, but the pseudo-random secret and IV are generated using math.random, which is not cryptographically strong.

CVE-2007-3528

Blowfish-CBC implementation constructs an IV where each byte is calculated modulo 8 instead of modulo 256, resulting in less than 12 bits for the effective IV length, and less than 4096 possible IV values.

Mitigaciones potenciales

Phases : Implementation

Métodos de detección

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Efectividad : High

Notas de mapeo de vulnerabilidades

Justificación : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comentario : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Patrones de ataque relacionados

CAPEC-ID Nombre del patrón de ataque
CAPEC-20 Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
CAPEC-97 Cryptanalysis
Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: Total Break (finding the secret key), Global Deduction (finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key), Information Deduction (gaining some information about plaintexts or ciphertexts that was not previously known) and Distinguishing Algorithm (the attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits).

Notas

As of CWE 4.5, terminology related to randomness, entropy, and predictability can vary widely. Within the developer and other communities, "randomness" is used heavily. However, within cryptography, "entropy" is distinct, typically implied as a measurement. There are no commonly-used definitions, even within standards documents and cryptography papers. Future versions of CWE will attempt to define these terms and, if necessary, distinguish between them in ways that are appropriate for different communities but do not reduce the usability of CWE for mapping, understanding, or other scenarios.

Referencias

REF-1175

Intercepting Mobile Communications: The Insecurity of 802.11
Nikita Borisov, Ian Goldberg, David Wagner.
http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf

REF-1175

Intercepting Mobile Communications: The Insecurity of 802.11
Nikita Borisov, Ian Goldberg, David Wagner.
http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf

REF-1176

Birthday problem
Wikipedia.
https://en.wikipedia.org/wiki/Birthday_problem

REF-1177

Initialization Vector
Wikipedia.
https://en.wikipedia.org/wiki/Initialization_vector

REF-1178

Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
NIST.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf

REF-1179

CBC Mode is Malleable. Don't trust it for Authentication
Arxum Path Security.
https://arxumpathsecurity.com/blog/2019/10/16/cbc-mode-is-malleable-dont-trust-it-for-authentication

Envío

Nombre Organización Fecha Fecha de lanzamiento Version
CWE Content Team MITRE 2021-03-09 +00:00 2021-03-15 +00:00 4.4

Modificaciones

Nombre Organización Fecha Comentario
CWE Content Team MITRE 2021-07-20 +00:00 updated Maintenance_Notes, Observed_Examples, References
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships, Time_of_Introduction
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Detection_Factors, Weakness_Ordinalities
La información presentada en CVE Find proviene de varias fuentes de referencia cuidadosamente seleccionadas. Los datos CVE son proporcionados por MITRE Corporation y la Base de Datos Nacional de Vulnerabilidades (NVD). El catálogo de Vulnerabilidades Explotadas Conocidas (KEV) proviene de la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA), mientras que las puntuaciones EPSS provienen de FIRST.org. Además, los datos sobre debilidades de software (CWE) y patrones de ataque comunes (CAPEC) son mantenidos por MITRE Corporation, y la información sobre configuraciones de hardware y software (CPE) es proporcionada por la NVD.