Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.11)

CWE-329: Not Using a Random IV with CBC Mode

Weakness ID: 329
Abstraction: Variant
Status: Draft
+ Description

Description Summary

Not using a random initialization vector (IV) with Cipher Block Chaining (CBC) mode causes algorithms to be susceptible to dictionary attacks.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms



+ Common Consequences

Technical Impact: Read application data; Other

If the CBC is not properly initialized, data that is encrypted can be compromised and therefore be read.


Technical Impact: Modify application data

If the CBC is not properly initialized, encrypted data could be tampered with in transfer.

Access Control

Technical Impact: Bypass protection mechanism; Other

Cryptography-based authentication systems could be defeated.

+ Likelihood of Exploit


+ Demonstrative Examples

Example 1

In the following examples, CBC mode is used when encrypting data:

(Bad Code)
Example Languages: C and C++ 
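unsigned char key[EVP_MAX_KEY_LENGTH];
unsigned char iv[EVP_MAX_IV_LENGTH] = {0}; /* IV is always all zeros: this is the weakness */
RAND_bytes(key, b); /* the key is random, but the IV is not */
EVP_EncryptInit(&ctx, EVP_bf_cbc(), key, iv);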
(Bad Code)
Example Language: Java 
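import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class SymmetricCipherTest {
    public static void main(String[] args) throws Exception {
        byte[] text = "Secret".getBytes();
        // IV is a constant block of zeros (8 bytes, the DES block size): this is the weakness
        byte[] iv = {0, 0, 0, 0, 0, 0, 0, 0};
        KeyGenerator kg = KeyGenerator.getInstance("DES");
        SecretKey key = kg.generateKey();
        // CBC mode, initialized with the constant IV above
        Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
        IvParameterSpec ips = new IvParameterSpec(iv);
        cipher.init(Cipher.ENCRYPT_MODE, key, ips);
        byte[] ciphertext = cipher.doFinal(text);
    }
}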

In both of these examples, the initialization vector (IV) is always a block of zeros. This makes the resulting ciphertext much more predictable and susceptible to a dictionary attack.

+ Potential Mitigations

Phase: Implementation

It is important to properly initialize block ciphers operating in CBC mode, or their utility is lost.

+ Background Details

CBC is the most commonly used mode of operation for a block cipher. It solves electronic code book's dictionary problems by XORing each plaintext block with the previous ciphertext block. If it is used to encrypt multiple data streams, dictionary attacks are possible, provided that the streams have a common beginning sequence.
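The common-beginning case described above, as an added example that is not part of the original CWE entry: two messages that share their first 16 bytes are encrypted in CBC mode, once with the all-zero IV from the demonstrative examples and once with a fresh random IV per message. XTEA stands in for Blowfish/DES so the code needs no crypto library; the key, the messages and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h> /* getrandom(): Linux, glibc 2.25 or later */

#define BLK 8 /* bytes per block: XTEA here; Blowfish and DES also use 8 */

/* XTEA block encryption, a stand-in cipher so the example needs no crypto library. */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t sum = 0;
    for (int i = 0; i < 32; i++) {
        v[0] += (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v[1] += (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (sum + k[(sum >> 11) & 3]);
    }
}

/* CBC: C[i] = E(P[i] XOR C[i-1]) with C[-1] = IV; len must be a multiple of BLK. */
static void cbc_encrypt(const uint32_t key[4], const uint8_t iv[BLK],
                        const uint8_t *pt, uint8_t *ct, size_t len) {
    const uint8_t *prev = iv;
    for (size_t off = 0; off < len; off += BLK) {
        uint32_t blk[2];
        for (int j = 0; j < BLK; j++) ct[off + j] = pt[off + j] ^ prev[j];
        memcpy(blk, ct + off, BLK);
        xtea_encrypt(blk, key);
        memcpy(ct + off, blk, BLK);
        prev = ct + off;
    }
}

/* Leading ciphertext blocks shared by two messages with a common 16-byte prefix. */
static int shared_blocks(int use_random_iv) {
    const uint32_t key[4] = {0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210}; /* constructed */
    const char *msg[2] = {"From: alice@corpPIN=1234", "From: alice@corpPIN=9876"};
    uint8_t ct[2][24];
    int n = 0;
    for (int m = 0; m < 2; m++) {
        uint8_t iv[BLK] = {0}; /* the weakness: constant all-zero IV */
        if (use_random_iv && getrandom(iv, BLK, 0) != BLK) return -1; /* fresh IV per message */
        cbc_encrypt(key, iv, (const uint8_t *)msg[m], ct[m], 24);
    }
    while (n < 3 && memcmp(ct[0] + n * BLK, ct[1] + n * BLK, BLK) == 0) n++;
    return n;
}

int main(void) {
    printf("zero IV: %d shared blocks; random IV: %d\n", shared_blocks(0), shared_blocks(1));
    return 0;
}
```

With the constant IV, the ciphertexts match for as long as the plaintexts do, so an observer learns that both messages begin the same way. The IV is not secret and is normally sent with the ciphertext; in the OpenSSL example the corresponding change is to fill iv with RAND_bytes before calling EVP_EncryptInit.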

+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 310 | Cryptographic Issues | Development Concepts (primary) 699 |
| ChildOf | Weakness Class | 330 | Use of Insufficiently Random Values | Research Concepts (primary) 1000 |
| ChildOf | Weakness Class | 573 | Improper Following of Specification by Caller | Research Concepts 1000 |
| ChildOf | Category | 959 | SFP Secondary Cluster: Weak Cryptography | Software Fault Pattern (SFP) Clusters (primary) 888 |
+ Functional Areas
  • Cryptography
+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| CLASP | | | Not using a random IV with CBC mode |
+ References
[REF-7] Mark Dowd, John McDonald and Justin Schuh. "The Art of Software Security Assessment". Chapter 2, "Initialization Vectors", Page 42. 1st Edition. Addison Wesley. 2006.
+ Content History
| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| | CLASP | | Externally Mined |

| Modification Date | Modifier | Organization | Source | Change |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | Cigital | External | updated Time_of_Introduction |
| 2008-09-08 | CWE Content Team | MITRE | Internal | updated Background_Details, Common_Consequences, Functional_Areas, Relationships, Taxonomy_Mappings |
| 2011-06-01 | CWE Content Team | MITRE | Internal | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | MITRE | Internal | updated References, Relationships |
| 2012-10-30 | CWE Content Team | MITRE | Internal | updated Demonstrative_Examples, Potential_Mitigations |
| 2014-07-30 | CWE Content Team | MITRE | Internal | updated Relationships |

Page Last Updated: May 05, 2017