CWE-323 · Reusing a Nonce, Key Pair in Encryption
31 CVEs classified under CWE-323 (Reusing a Nonce, Key Pair in Encryption). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-7902 | Critical | 9.8 | 2017-06-30 | A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AW… |
CVE-2025-64767 | Critical | 9.1 | 2025-11-21 | hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal() API has a… |
CVE-2022-24401 | High | 8.8 | 2023-10-19 | Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame c… |
CVE-2025-47345 | High | 8.4 | 2026-01-06 | Cryptographic issue may occur while encrypting license data. |
CVE-2026-3559 | High | 8.1 | 2026-03-13 | Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass… |
CVE-2017-13082 | High | 8.1 | 2017-10-17 | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BS… |
CVE-2026-5446 | High | 7.1 | 2026-04-09 | In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt… |
CVE-2023-4680 | Medium | 6.8 | 2023-09-14 | HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The… |
CVE-2023-37467 | Medium | 6.8 | 2023-07-28 | Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce… |
CVE-2019-7593 | Medium | 6.8 | 2019-08-20 | Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management… |
CVE-2017-13086 | Medium | 6.8 | 2017-10-17 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an atta… |
CVE-2017-13084 | Medium | 6.8 | 2017-10-17 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an… |
CVE-2023-28997 | Medium | 6.7 | 2023-04-04 | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server a… |
CVE-2020-1759 | Medium | 6.4 | 2020-04-13 | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure… |
CVE-2026-45028 | Medium | 6.1 | 2026-05-13 | Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots… |
CVE-2024-36121 | Medium | 5.9 | 2024-06-04 | netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this s… |
CVE-2021-32791 | Medium | 5.9 | 2021-07-26 | mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating use… |
CVE-2026-3099 | Medium | 5.8 | 2026-03-12 | A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or en… |
CVE-2024-11022 | Medium | 5.6 | 2024-12-06 | The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This challenge can be used… |
CVE-2017-13088 | Medium | 5.3 | 2017-10-17 | Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network… |