CWE-1204— Generation of Weak Initialization Vector (IV)
The product uses a cryptographic primitive that uses an Initialization Vector (IV), but the product does not generate IVs that are sufficiently unpredictable or unique according to the expected cryptographic requirements for that primitive.— MITRE CWE catalog
3 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-1204page 1 of 1
- CVE-2022-26083HIGHCVSS 7.5EG 7.52025-02-14
Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.
- CVE-2023-2747LOWCVSS 3.1EG 3.12023-06-15
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
- CVE-2025-0714MEDIUMCVSS 6.5EG 6.52025-02-17
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector (IV) consisting only of zero bytes and a master key to encrypt each password individually. In the defaul…
Map vulnerabilities like CWE-1204 to your infrastructure
EchelonGraph correlates every CVE — across CWE-1204 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →