CWE-1204
Generation of Weak Initialization Vector (IV)
The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.
CVE-2022-26083 (GCVE-0-2022-26083)
Vulnerability from cvelistv5
- Information Disclosure
- CWE-1204 - Generation of Weak Initialization Vector (IV)
Vendor | Product | Version
---|---|---
n/a | Intel(R) IPP Cryptography software library | before version 2021.5

Description: Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.
- CVSS v3.1: 7.5 (HIGH), CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
- CISA ADP SSVC: Exploitation none, Automatable no, Technical Impact total
- Reference: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-00667.html
- Assigner: intel. Reserved 2022-03-02, published 2025-02-14, last updated 2025-02-18.
CVE-2023-2747 (GCVE-0-2023-2747)
Vulnerability from cvelistv5
- CWE-1204 - Generation of Weak Initialization Vector (IV)
Vendor | Product | Version
---|---|---
silabs.com | GSDK | 2.0.0 through 2.2.1 (SE firmware)

Title: Uninitialized IV in Silicon Labs SE FW v2.0.0 through v2.2.1 for internally stored data

Description: The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
- Impact: CAPEC-114 Authentication Abuse
- CVSS v3.1: 3.1 (LOW), CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
- CISA ADP SSVC: Exploitation none, Automatable no, Technical Impact partial
- References: https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1 and https://github.com/SiliconLabs/gecko_sdk
- Assigner: Silabs. Reserved 2023-05-16, published 2023-06-15, last updated 2024-12-11.
CVE-2025-0714 (GCVE-0-2025-0714)
Vulnerability from cvelistv5
- CWE-1204 - Generation of Weak Initialization Vector (IV)
Vendor | Product | Version
---|---|---
Mobatek | MobaXterm (Windows), module "Password encryption" | below 25.0

Title: Insecure storage of sensitive information in MobaXTerm <25.0

Description: The vulnerability exists in the password storage of Mobatek's MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted for their password. A derivative of the password is used as the master key. As both the master key and the IV are the same for each stored password, the AES CFB ciphertext depends only on the plaintext (the password). The static IV and master key make it easier to obtain sensitive information and to decrypt data when it is stored at rest.
- Configuration: Passwords were stored with MobaXterm.
- CVSS v3.1: 6.5 (MEDIUM), CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
- CISA ADP SSVC: Exploitation none, Automatable no, Technical Impact partial
- Solution: Update MobaXterm to v25.0 and re-encrypt passwords that were encrypted with a vulnerable version of MobaXterm.
- Credit: cirosec (finder); discovery: USER
- Reference (third-party advisory): https://www.cirosec.de/sa/sa-2024-012
- Timeline:
  - 2024-12-16 09:56 UTC: Mobatek was contacted and informed about the vulnerability via email.
  - 2024-12-16 12:53 UTC: Initial response from Mobatek.
  - 2024-12-16 14:55 UTC: Further clarification about the vulnerability.
  - 2024-12-17 11:04 UTC: Mobatek acknowledged the vulnerability.
  - 2025-01-17 23:00 UTC: A fix was published.
  - 2025-01-23 23:00 UTC: The fix was verified by cirosec.
- Assigner: cirosec. Reserved 2025-01-24, public 2025-02-17, published 2025-02-17, last updated 2025-02-19.
Mitigation
Phase: Implementation
Description:
- Different cipher modes have different requirements for their IVs. When choosing and implementing a mode, it is important to understand those requirements in order to keep security guarantees intact. Generally, it is safest to generate a random IV, since it will be both unpredictable and have a very low chance of being non-unique. IVs do not have to be kept secret, so if generating duplicate IVs is a concern, a list of already-used IVs can be kept and checked against.
- NIST offers recommendations on IV generation for the modes it has approved, including options for when random IVs are not practical. For CBC, CFB, and OFB, see [REF-1175]; for GCM, see [REF-1178].
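As an added illustration of the mitigation above (example code written for this page, not code from Intel, Silicon Labs, Mobatek or NIST), the following Go program contrasts the all-zero IV pattern described in the MobaXterm record with a random IV drawn per record and the used-IV registry the mitigation suggests. The 16-byte key is a constructed demo value; the record layout iv||ciphertext is this example's own convention.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// IVRegistry records IVs already used under one key (the "list of already-used IVs" above).
type IVRegistry map[[aes.BlockSize]byte]bool

// cfbEncrypt runs AES-CFB under key and iv and returns iv||ciphertext; the IV is stored
// in the clear because it must be unique, not secret.
func cfbEncrypt(key []byte, iv [aes.BlockSize]byte, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	copy(out, iv[:])
	cipher.NewCFBEncrypter(block, iv[:]).XORKeyStream(out[aes.BlockSize:], plaintext)
	return out, nil
}

// EncryptWeak reproduces the CWE-1204 pattern from the MobaXterm record: an all-zero IV
// for every value, so equal plaintexts under one key produce byte-identical records.
func EncryptWeak(key, plaintext []byte) ([]byte, error) {
	return cfbEncrypt(key, [aes.BlockSize]byte{}, plaintext)
}

// EncryptChecked encrypts under a caller-supplied IV but refuses one already seen for this key.
func EncryptChecked(key []byte, iv [aes.BlockSize]byte, plaintext []byte, seen IVRegistry) ([]byte, error) {
	if seen[iv] {
		return nil, errors.New("IV already used under this key; refusing to encrypt")
	}
	seen[iv] = true
	return cfbEncrypt(key, iv, plaintext)
}

// EncryptFresh is the recommended default: a random IV from the OS CSPRNG per call, then recorded.
func EncryptFresh(key, plaintext []byte, seen IVRegistry) ([]byte, error) {
	var iv [aes.BlockSize]byte
	if _, err := io.ReadFull(rand.Reader, iv[:]); err != nil {
		return nil, err
	}
	return EncryptChecked(key, iv, plaintext, seen)
}
```

Two calls to EncryptWeak with the same password return identical records, which is exactly what a reader of the store at rest can compare; two calls to EncryptFresh do not.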
CAPEC-20: Encryption Brute Forcing
An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
CAPEC-97: Cryptanalysis
Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: Total Break (finding the secret key), Global Deduction (finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key), Information Deduction (gaining some information about plaintexts or ciphertexts that was not previously known) and Distinguishing Algorithm (the attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits).