hardcoded-iv
Initialization Vectors (IVs) for block ciphers should be randomly generated each time they are used. Using a static IV means the same plaintext encrypts to the same ciphertext every time, weakening the strength of the encryption.
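The effect described above, as an added example that is not part of the rule or its test cases: AES-CBC with a constant IV next to the same call with a fresh IV from the OS CSPRNG. Go is an assumption here (the page names no language), and `demoKey`, the IV literal, the sample plaintext and all function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

var demoKey = []byte("0123456789abcdef") // constructed 128-bit demo key, not a real secret

// encryptCBC pads with PKCS#7, encrypts with AES-CBC and returns IV || ciphertext.
func encryptCBC(iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(demoKey)
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := append(append([]byte{}, iv...), make([]byte, len(padded))...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out[len(iv):], padded)
	return out, nil
}

// encryptStaticIV is the pattern the rule describes: the IV is a constant.
func encryptStaticIV(plaintext []byte) ([]byte, error) {
	return encryptCBC([]byte("1234567890123456"), plaintext) // constructed hardcoded IV
}

// encryptRandomIV draws a fresh IV from the OS CSPRNG for every message.
func encryptRandomIV(plaintext []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return encryptCBC(iv, plaintext)
}

// repeats reports whether enc maps the same plaintext to the same output twice.
func repeats(enc func([]byte) ([]byte, error), msg []byte) bool {
	a, errA := enc(msg)
	b, errB := enc(msg)
	return errA == nil && errB == nil && bytes.Equal(a, b)
}

func main() {
	msg := []byte("account=alice;amount=100") // constructed sample plaintext
	fmt.Println("static IV repeats:", repeats(encryptStaticIV, msg))
	fmt.Println("random IV repeats:", repeats(encryptRandomIV, msg))
}
```

The IV is not secret, so prepending it to the ciphertext lets the receiver decrypt; CBC provides no integrity on its own, so the output still needs a MAC or an AEAD mode in real use.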
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-329: Not using a random initialization Vector (IV) with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks.
OWASP:
- A02:2021 - Cryptographic Failures