Cocoon · Cocoon · CVE-2024-21530
**Name of the Vulnerable Software and Affected Versions**
cocoon versions prior to 0.4.0
**Description**
The issue is a nonce reuse (CWE-323: Reusing a Nonce, Key Pair in Encryption) when the `encrypt`, `wrap`, or `dump` functions are called more than once on the same cocoon object. Each call draws its nonce from the object's stored RNG, but the RNG is cloned rather than advanced, so every call starts from the same RNG state and produces the same nonce. Two messages encrypted with the same object are therefore encrypted under the same key and nonce; with an AEAD cipher this leaks the XOR of the two plaintexts and undermines the authentication tag, so the impact is more than identical ciphertexts for identical plaintexts. This mostly affects `MiniCocoon` and `Cocoon` objects created with custom seeds and RNGs, where `StdRng` is used under the hood. Objects created with `Cocoon::new` are not affected, because they use `ThreadRng`, whose clones are handles to one shared generator rather than copies of its state. The root cause is that `StdRng::clone` copies the generator's current state, so a clone replays the same output sequence as its source, starting with the same nonce.
**Recommendations**
Upgrade to cocoon 0.4.0 or later. If an earlier version must be kept, never reuse a cocoon object: create a new one with a fresh seed for every `encrypt`, `wrap`, or `dump` call. The seed must come from a cryptographic random source (the OS CSPRNG), not a counter or timestamp, since a predictable seed makes the nonce predictable.
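The following is an added example and not cocoon's own code. It reproduces the pattern behind the description above (a `&self` method that clones a seeded RNG and so redraws the same nonce) next to the fixed shape and the per-call fresh-seed workaround from the recommendations. `SplitMix64` is a dependency-free stand-in for `rand::rngs::StdRng` (both derive `Clone` and are fully determined by their seed, which is all the bug needs); the `VulnerableSealer` and `FixedSealer` types and the 12-byte nonce length are hypothetical and model only the shape of the affected API.

```rust
// Added example, not cocoon's code. SplitMix64 stands in for rand's StdRng:
// like StdRng it derives Clone and is fully determined by its seed.
// The Sealer types and the 12-byte nonce length are hypothetical.

#[derive(Clone, Debug)]
struct SplitMix64 {
    state: u64,
}

impl SplitMix64 {
    fn seed_from_u64(seed: u64) -> Self {
        SplitMix64 { state: seed }
    }

    // Standard SplitMix64 step: advance the state, then scramble it.
    fn next_u64(&mut self) -> u64 {
        self.state = self.state.wrapping_add(0x9E37_79B9_7F4A_7C15);
        let mut z = self.state;
        z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
        z ^ (z >> 31)
    }

    fn fill_bytes(&mut self, buf: &mut [u8]) {
        for chunk in buf.chunks_mut(8) {
            let word = self.next_u64().to_le_bytes();
            chunk.copy_from_slice(&word[..chunk.len()]);
        }
    }
}

/// Vulnerable shape (hypothetical): the method takes `&self`, so it cannot
/// advance the stored RNG and clones it instead. Every clone restarts from
/// the same state, so every call returns the same nonce.
struct VulnerableSealer {
    rng: SplitMix64,
}

impl VulnerableSealer {
    fn from_seed(seed: u64) -> Self {
        VulnerableSealer { rng: SplitMix64::seed_from_u64(seed) }
    }

    fn nonce(&self) -> [u8; 12] {
        let mut rng = self.rng.clone(); // BUG: a copy of the state, not a step of it
        let mut nonce = [0u8; 12];
        rng.fill_bytes(&mut nonce);
        nonce
    }
}

/// Fixed shape (hypothetical): `&mut self` lets the call advance the stored
/// RNG, so successive calls draw fresh bytes.
struct FixedSealer {
    rng: SplitMix64,
}

impl FixedSealer {
    fn from_seed(seed: u64) -> Self {
        FixedSealer { rng: SplitMix64::seed_from_u64(seed) }
    }

    fn nonce(&mut self) -> [u8; 12] {
        let mut nonce = [0u8; 12];
        self.rng.fill_bytes(&mut nonce);
        nonce
    }
}

/// Workaround for affected versions: build a new object from a fresh seed for
/// every call, so the cloned state is never reused. In real use `seed` must
/// come from a cryptographic source; the caller supplies it here.
fn nonce_with_fresh_seed(seed: u64) -> [u8; 12] {
    VulnerableSealer::from_seed(seed).nonce()
}

fn main() {
    let v = VulnerableSealer::from_seed(42);
    println!("vulnerable, call 1: {:02x?}", v.nonce());
    println!("vulnerable, call 2: {:02x?}", v.nonce()); // identical: nonce reuse

    let mut f = FixedSealer::from_seed(42);
    println!("fixed, call 1:      {:02x?}", f.nonce());
    println!("fixed, call 2:      {:02x?}", f.nonce()); // differs

    println!("fresh seed 1:       {:02x?}", nonce_with_fresh_seed(1));
    println!("fresh seed 2:       {:02x?}", nonce_with_fresh_seed(2));
}
```

The first nonce of `FixedSealer` is the same as `VulnerableSealer`'s for the same seed; the difference only appears on the second call, which is why a single-encryption test would never catch this bug. A regression test for this class of defect should encrypt twice with one object and assert the nonces differ.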