by tptacek 883 days ago
Nonce reuse in CTR, which underpins a bunch of AEADs, gives you direct plaintext recovery. It leads to a repeated keystream.

Nonce reuse in nonce-based AEADs gives you authentication key recovery; it destroys authentication completely.
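
An added example, not part of the original comment, illustrating the repeated-keystream point for CTR and a simple audit for reused (key, nonce) pairs. It assumes a toy CTR construction in which SHA-256 stands in for the block cipher; the key, nonces, plaintexts and helper names are all constructed for illustration.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy CTR keystream: SHA-256(key || nonce || counter) stands in for the
    # block cipher (an assumption of this example, not a real AEAD).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

def recover(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    # c_known ^ p_known is the keystream; if c_target used the same
    # (key, nonce), XORing it in yields the target plaintext.
    return xor(xor(c_known, p_known), c_target)

def reused_nonces(records):
    # Defensive audit: (key_id, nonce) pairs that appear more than once.
    seen, dup = set(), set()
    for pair in records:
        (dup if pair in seen else seen).add(pair)
    return dup

# Constructed sample values.
KEY = bytes(range(32))
N1, N2 = b"\x00" * 11 + b"\x01", b"\x00" * 11 + b"\x02"
P_KNOWN = b"status=ok; padding-padding-padding"
P_SECRET = b"session=constructed-secret"

def demo():
    c_known = ctr_encrypt(KEY, N1, P_KNOWN)
    same = recover(c_known, P_KNOWN, ctr_encrypt(KEY, N1, P_SECRET))
    fresh = recover(c_known, P_KNOWN, ctr_encrypt(KEY, N2, P_SECRET))
    return same, fresh

if __name__ == "__main__":
    same, fresh = demo()
    print("nonce reused:", same)
    print("nonce unique:", fresh.hex())
    print("audit:", reused_nonces([("k1", N1), ("k1", N1), ("k1", N2)]))
```

With a unique nonce per message the same XOR yields only pseudorandom bytes, which is why the audit keys on the (key, nonce) pair rather than the nonce alone.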