PT-2023-32941 · Cocoon · Cocoon

Kyle Petryszak

·

Published

2023-10-15

·

Updated

2024-10-04

·

CVE-2024-21530

CVSS v4.0

6.3

Medium

Vector AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions

cocoon versions prior to 0.4.0

Description

The issue is an instance of Reusing a Nonce, Key Pair in Encryption: when encrypt, wrap, or dump is called more than once on the same cocoon object, every call draws the same random values from the RNG and therefore encrypts under the same nonce and key, so an attacker can obtain the same ciphertext simply by creating a new encrypted message with the same cocoon object. This affects MiniCocoon and Cocoon objects created with a custom seed or RNG, where StdRng is used under the hood. Objects created with Cocoon::new, which uses ThreadRng, are not affected. The cause is that the object clones its StdRng before drawing the nonce; cloning a StdRng copies its current state rather than advancing it, so each call starts from the same state and produces the same nonce. Because both ciphers cocoon offers (ChaCha20-Poly1305 and AES-256-GCM) reuse their keystream when a nonce repeats under one key, two ciphertexts produced this way reveal the XOR of their plaintexts, and the authentication tag no longer protects against forgery.

Recommendations

Upgrade to cocoon 0.4.0 or later. If upgrading is not yet possible, do not reuse a cocoon object created with a custom seed or RNG: create a new object with a fresh, unpredictable seed for each encrypt, wrap, or dump call, so that no two calls start from the same RNG state.
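The failure described above, as an added illustration that is not cocoon's code: a hypothetical `Vault` type stands in for a Cocoon built with a custom seeded RNG, and a small SplitMix64 generator stands in for StdRng. The vulnerable method clones the stored RNG before drawing a nonce (so every call restarts from the same state), the fixed method draws from the stored RNG itself, `nonce_per_fresh_seed` models the pre-0.4.0 workaround of one object per call, and `has_duplicate` is the regression check a practitioner would add to catch nonce repetition.

```rust
// Added example, not cocoon's code. `Vault` and `SplitMix64` are hypothetical
// stand-ins for a Cocoon with a custom seeded RNG and for StdRng respectively.
use std::collections::HashSet;

// Minimal seeded PRNG. Clone copies the state, exactly like a seeded StdRng.
#[derive(Clone)]
struct SplitMix64(u64);

impl SplitMix64 {
    fn from_seed(seed: u64) -> Self {
        SplitMix64(seed)
    }

    // Advances the state, so successive calls on one instance differ.
    fn next_u64(&mut self) -> u64 {
        self.0 = self.0.wrapping_add(0x9E37_79B9_7F4A_7C15);
        let mut z = self.0;
        z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
        z ^ (z >> 31)
    }

    fn fill(&mut self, buf: &mut [u8]) {
        for chunk in buf.chunks_mut(8) {
            let bytes = self.next_u64().to_le_bytes();
            chunk.copy_from_slice(&bytes[..chunk.len()]);
        }
    }
}

struct Vault {
    rng: SplitMix64,
}

impl Vault {
    fn from_seed(seed: u64) -> Self {
        Vault { rng: SplitMix64::from_seed(seed) }
    }

    // Vulnerable pattern (pre-0.4.0 behaviour, modelled): `&self` plus a clone.
    // The clone restarts from the stored state, so every call yields the same nonce.
    fn nonce_vulnerable(&self) -> [u8; 12] {
        let mut rng = self.rng.clone();
        let mut nonce = [0u8; 12];
        rng.fill(&mut nonce);
        nonce
    }

    // Fixed pattern: draw from the stored RNG so its state advances per call.
    fn nonce_fixed(&mut self) -> [u8; 12] {
        let mut nonce = [0u8; 12];
        self.rng.fill(&mut nonce);
        nonce
    }
}

// Workaround from the advisory for < 0.4.0: a new object with a fresh seed per call.
// Nonces are then distinct only as long as the seeds are.
fn nonce_per_fresh_seed(seed: u64) -> [u8; 12] {
    Vault::from_seed(seed).nonce_vulnerable()
}

// Regression check: true if any nonce in the sequence repeats.
fn has_duplicate(nonces: &[[u8; 12]]) -> bool {
    let mut seen = HashSet::new();
    nonces.iter().any(|n| !seen.insert(*n))
}

fn main() {
    let v = Vault::from_seed(0xC0C0_0A);
    let reused: Vec<[u8; 12]> = (0..3).map(|_| v.nonce_vulnerable()).collect();
    println!("clone-before-use nonces repeat: {}", has_duplicate(&reused));

    let mut w = Vault::from_seed(0xC0C0_0A);
    let advancing: Vec<[u8; 12]> = (0..3).map(|_| w.nonce_fixed()).collect();
    println!("advancing-rng nonces repeat: {}", has_duplicate(&advancing));
}
```

To check a real deployment rather than this model, wrap the same plaintext twice with one cocoon object created from a custom seed or RNG and compare the two outputs: on an affected version they are byte-identical, which is the symptom the description calls out.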

Fix

Fixed in cocoon 0.4.0.


Weakness Enumeration

CWE-323: Reusing a Nonce, Key Pair in Encryption

Related Identifiers

CVE-2024-21530
GHSA-6878-6WC2-PF5H
GHSA-R2JW-C95Q-RJ29
RUSTSEC-2023-0068

Affected Products

Cocoon