CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE-329: Not Using a Random IV with CBC Mode

 
Weakness ID: 329 (Weakness Variant)
Status: Draft
+ Description

Description Summary

Not using a random initialization vector (IV) with Cipher Block Chaining (CBC) mode causes algorithms to be susceptible to dictionary attacks.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
Scope: Confidentiality, Other
Technical Impact: Read application data; Other
If CBC is not properly initialized, data that is encrypted can be compromised and therefore be read.

Scope: Integrity
Technical Impact: Modify application data
If CBC is not properly initialized, encrypted data could be tampered with in transfer.

Scope: Access Control, Other
Technical Impact: Bypass protection mechanism; Other
Cryptography-based authentication systems could be defeated.

+ Likelihood of Exploit

Medium

+ Demonstrative Examples

Example 1

In the following examples, CBC mode is used when encrypting data:

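(Bad Code)
Example Languages: C and C++
#include <string.h>
#include <openssl/evp.h>
#include <openssl/rand.h>

EVP_CIPHER_CTX ctx;
unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH];
RAND_bytes(key, sizeof(key));        /* the key is random */
memset(iv, 0, EVP_MAX_IV_LENGTH);    /* the IV is always all zeros */
EVP_EncryptInit(&ctx, EVP_bf_cbc(), key, iv);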
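
(Bad Code)
Example Language: Java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class SymmetricCipherTest {
    public static void main(String[] args) throws Exception {
        byte[] text = "Secret".getBytes();
        // The IV is a fixed block of zeros
        byte[] iv = {
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
        };
        KeyGenerator kg = KeyGenerator.getInstance("DES");
        kg.init(56);
        SecretKey key = kg.generateKey();
        // CBC mode, as the example text states; ECB does not accept an IV
        Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
        IvParameterSpec ips = new IvParameterSpec(iv);
        cipher.init(Cipher.ENCRYPT_MODE, key, ips);
        byte[] ciphertext = cipher.doFinal(text);
    }
}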

In both of these examples, the initialization vector (IV) is always a block of zeros. This makes the resulting cipher text much more predictable and susceptible to a dictionary attack.
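
The following is an added example, not part of the CWE entry. It encrypts two constructed messages that share a common beginning sequence under the same key, once with the all-zero IV and once with a fresh random IV per message, and compares the first ciphertext blocks. It assumes AES rather than the DES and Blowfish ciphers used above; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class CbcIvDemo {
    static final int BLOCK = 16; // AES block size in bytes

    // Encrypts with AES-CBC under the IV supplied by the caller.
    static byte[] encrypt(SecretKey key, byte[] iv, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return cipher.doFinal(plaintext);
    }

    // Fresh, unpredictable IV for every message. The IV is not secret and is
    // stored or sent with the ciphertext so that the receiver can decrypt.
    static byte[] randomIv() {
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    static boolean sameFirstBlock(byte[] a, byte[] b) {
        return Arrays.equals(Arrays.copyOf(a, BLOCK), Arrays.copyOf(b, BLOCK));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        // Constructed sample messages; the first 16 bytes are identical.
        byte[] m1 = "user=alice;role=admin;balance=100".getBytes(StandardCharsets.UTF_8);
        byte[] m2 = "user=alice;role=guest;balance=7".getBytes(StandardCharsets.UTF_8);

        byte[] zeroIv = new byte[BLOCK]; // weak: all zeros, as in the examples above
        boolean zeroIvMatch = sameFirstBlock(encrypt(key, zeroIv, m1), encrypt(key, zeroIv, m2));
        boolean randomIvMatch = sameFirstBlock(encrypt(key, randomIv(), m1), encrypt(key, randomIv(), m2));

        System.out.println("zero IV, first ciphertext blocks equal:   " + zeroIvMatch);
        System.out.println("random IV, first ciphertext blocks equal: " + randomIvMatch);
    }
}
```

With the fixed IV the shared first block always encrypts to the same ciphertext block, so an observer can tell that the two messages begin identically; with a random IV per message the first blocks match only by chance.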

+ Potential Mitigations

Phase: Implementation

Block ciphers operating in CBC mode must be properly initialized, or their utility is lost.

+ Background Details

CBC is the most commonly used mode of operation for a block cipher. It solves electronic code book's dictionary problems by XORing the previous block's ciphertext with the current block's plaintext. If it is used to encrypt multiple data streams, dictionary attacks are possible, provided that the streams have a common beginning sequence.

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 310 | Cryptographic Issues | Development Concepts (primary) 699
ChildOf | Weakness Class | 330 | Use of Insufficiently Random Values | Research Concepts (primary) 1000
ChildOf | Weakness Class | 573 | Improper Following of Specification by Caller | Research Concepts 1000
ChildOf | Category | 903 | SFP Cluster: Cryptography | Software Fault Pattern (SFP) Clusters (primary) 888
+ Functional Areas
  • Cryptography
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
CLASP | | | Not using a random IV with CBC mode
+ References
[REF-7] Mark Dowd, John McDonald and Justin Schuh. "The Art of Software Security Assessment". Chapter 2, "Initialization Vectors", Page 42. 1st Edition. Addison Wesley. 2006.
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | CLASP | | Externally Mined

Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated Time_of_Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Background_Details, Common_Consequences, Functional_Areas, Relationships, Taxonomy_Mappings
2011-06-01 | CWE Content Team | MITRE | Internal
  updated Common_Consequences
2012-05-11 | CWE Content Team | MITRE | Internal
  updated References, Relationships
2012-10-30 | CWE Content Team | MITRE | Internal
  updated Demonstrative_Examples, Potential_Mitigations

Page Last Updated: February 18, 2014