
CWE-329: Not Using Random IV with CBC Mode

Overview

This guidance helps you interpret and remediate findings from DAST (Dynamic Application Security Testing) tools. The scanner detected that the application uses CBC-mode encryption with predictable or reused initialization vectors (IVs). Evidence includes identical ciphertext for identical plaintext across sessions/requests, sequential IVs, or cryptanalysis revealing IV patterns. Dynamic testing may show encrypted tokens/cookies producing predictable output, or TLS implementations vulnerable to BEAST-style attacks due to CBC IV predictability.

Analyzing the Dynamic Scan Result

What the DAST Scanner Found

DAST findings for CWE-329 typically indicate cryptographic behavior consistent with IV reuse, such as:

  • Identical ciphertext blocks produced from identical plaintext blocks
  • Repeated ciphertext prefixes across multiple encrypted messages
  • Encryption output that remains stable across requests where randomness is expected

Evidence is based on observing encryption behavior over multiple requests, not on request parameters or response content.
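The indicators listed above can be checked mechanically against tokens captured over several requests. The following is an added example, not part of the original guidance or of any scanner's code; it assumes each token is base64 of the IV followed by the ciphertext, and the function names and sample tokens are constructed for illustration.

```python
import base64
import os
from collections import Counter

BLOCK = 16  # AES block size in bytes


def shared_prefix_blocks(a: bytes, b: bytes) -> int:
    """Number of leading 16-byte blocks two raw tokens have in common."""
    n = 0
    while (n + 1) * BLOCK <= min(len(a), len(b)) and \
            a[n * BLOCK:(n + 1) * BLOCK] == b[n * BLOCK:(n + 1) * BLOCK]:
        n += 1
    return n


def analyze_tokens(tokens_b64):
    """Return the set of IV-reuse indicators seen across captured tokens.
    Assumption: each token is base64(IV || ciphertext). If the IV is not
    sent, the first block is ciphertext and the repeat checks still apply.
    """
    raws = [base64.b64decode(t) for t in tokens_b64]
    first = [r[:BLOCK] for r in raws]
    findings = set()
    if any(c > 1 for c in Counter(first).values()):
        findings.add("repeated-first-block")  # same IV seen more than once
    # Two or more shared blocks: same IV and same leading plaintext block.
    if any(shared_prefix_blocks(a, b) >= 2
           for i, a in enumerate(raws) for b in raws[i + 1:]):
        findings.add("repeated-ciphertext-prefix")
    # Counter-style IVs: consecutive first blocks differ by one small constant.
    ints = [int.from_bytes(f, "big") for f in first]
    steps = {y - x for x, y in zip(ints, ints[1:])}
    if len(ints) >= 3 and len(steps) == 1 and 0 < abs(steps.pop()) < 2 ** 32:
        findings.add("sequential-iv")
    return findings


def _tok(iv: bytes, body: bytes) -> str:
    return base64.b64encode(iv + body).decode()


# Constructed samples (not real captures); bodies are placeholder bytes.
FIXED_IV = [_tok(bytes(16), b"A" * 16 + b"B" * 16), _tok(bytes(16), b"A" * 16 + b"C" * 16)]
COUNTER_IV = [_tok(i.to_bytes(16, "big"), os.urandom(32)) for i in (7, 8, 9)]
RANDOM_IV = [_tok(os.urandom(16), os.urandom(32)) for _ in range(3)]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED_IV), ("counter", COUNTER_IV), ("random", RANDOM_IV)]:
        print(name, sorted(analyze_tokens(sample)))
```

An empty result on a small sample does not prove the IVs are unpredictable; it only shows that none of these three patterns appeared in the captured tokens.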

Mapping DAST Findings to Source Code

CWE-329 does not map to a specific HTTP endpoint or request parameter. The issue resides in cryptographic implementation and IV generation logic.

When tracing this issue in code, look for:

  • CBC-mode encryption implementations
  • IV generation code paths
  • Fixed, hard-coded, or reused IV values
  • IVs derived from predictable sources (timestamps, counters, constants)
  • Missing use of a cryptographically secure random number generator

Remediation

Core Principle: Never encrypt using CBC (or any nonce-based mode) unless a fresh, unpredictable initialization vector is generated for each operation by a cryptographically secure random number generator.

→ For comprehensive remediation guidance, see Static CWE-329 Guidance

Verification and Follow-Up Testing

After applying the fix:

Reproduce the Vulnerability

# Check for fixed/hard-coded IV
grep -r "iv.*=.*['\"]" src/
grep -r "iv.*=.*bytes(" src/

# Analyze encryption code
grep -r "MODE_CBC" src/

Verify the Fix

  • Confirm the IV is cryptographically random and freshly generated for each encryption
  • Check that the IV is unique per message
  • Ensure the IV is transmitted with the ciphertext (the IV does not need to be secret)
  • Test that CBC mode uses proper random IVs

Test Edge Cases

# Check for proper IV generation
# Good: os.urandom(16), crypto.randomBytes(16), SecureRandom
# Bad: Fixed string, zeros, sequential numbers

grep -r "urandom\|randomBytes\|SecureRandom" src/
grep -r "iv.*=.*\"" src/  # Hard-coded IVs

Re-run DAST Scanner

Run your dynamic scanner again on the fixed endpoint to confirm remediation.

Additional Resources