Not Using a Random IV with CBC Mode
Weakness ID: 329 (Weakness Variant)Status: Draft
+ Description

Description Summary

Not using a random initialization Vector (IV) with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Confidentiality

If the CBC is not properly initialized, data that is encrypted can be compromised and therefore be read.

Integrity

If the CBC is not properly initialized, encrypted data could be tampered with in transfer.

Accountability

Cryptographic based authentication systems could be defeated.

+ Likelihood of Exploit

Medium

+ Demonstrative Examples

Example 1

(Bad Code)
Example Languages: C and C++ 
#include <openssl/evp.h> EVP_CIPHER_CTX ctx;
char key[EVP_MAX_KEY_LENGTH];
char iv[EVP_MAX_IV_LENGTH];
RAND_bytes(key, b);
memset(iv,0,EVP_MAX_IV_LENGTH);
EVP_EncryptInit(&ctx,EVP_bf_cbc(), key,iv);
(Bad Code)
Example Language: Java 
public class SymmetricCipherTest {
public static void main() {

byte[] text ="Secret".getBytes();
byte[] iv ={
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};
KeyGenerator kg = KeyGenerator.getInstance("DES");
kg.init(56);
SecretKey key = kg.generateKey();
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
IvParameterSpec ips = new IvParameterSpec(iv);
cipher.init(Cipher.ENCRYPT_MODE, key, ips);
return cipher.doFinal(inpBytes);
}
}
+ Potential Mitigations

Integrity: It is important to properly initialize CBC operating block ciphers or their utility is lost.

+ Background Details

CBC is the most commonly used mode of operation for a block cipher. It solves electronic code book's dictionary problems by XORing the ciphertext with plaintext. If it used to encrypt multiple data streams, dictionary attacks are possible, provided that the streams have a common beginning sequence.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory310Cryptographic Issues
Development Concepts (primary)699
ChildOfWeakness ClassWeakness Class330Use of Insufficiently Random Values
Research Concepts (primary)1000
ChildOfWeakness ClassWeakness Class573Failure to Follow Specification
Research Concepts1000
+ Functional Areas
  • Cryptography
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CLASPNot using a random IV with CBC mode
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
CLASPExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Background Details, Common Consequences, Functional Areas, Relationships, Taxonomy Mappings