Early Access — Mondoo Vulnerability Intelligence is currently in preview.
The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.
By design, some cryptographic primitives (such as block ciphers) require that IVs must have certain properties for the uniqueness and/or unpredictability of an IV. Primitives may vary in how important these properties are. If these properties are not maintained, e.g. by a bug in the code, then the cryptography may be weakened or broken by attacking the IVs themselves.
Different cipher modes have different requirements for their IVs. When choosing and implementing a mode, it is important to understand those requirements in order to keep security guarantees intact. Generally, it is safest to generate a random IV, since it will be both unpredictable and have a very low chance of being non-unique. IVs do not have to be kept secret, so if generating duplicate IVs is a concern, a list of a...
If the IV is not properly initialized, data that is encrypted can be compromised and information about the data can be leaked. See [REF-1179].
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
CVE-2020-1472ZeroLogon vulnerability - use of a static IV of all zeroes in AES-CFB8 mode
CVE-2011-3389BEAST attack in SSL 3.0 / TLS 1.0. In CBC mode, chained initialization vectors are non-random, allowing decryption of HTTPS traffic using a chosen plaintext attack.
CVE-2001-0161wireless router does not use 6 of the 24 bits for WEP encryption, making it easier for attackers to decrypt traffic
CVE-2001-0160WEP card generates predictable IV values, making it easier for attackers to decrypt traffic
CVE-2017-3225device bootloader uses a zero initialization vector during AES-CBC