Описание
The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is advised to continue to use encryption in the plugin and update to the current release for enhanced encryption protocols.
Ссылки
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.7 (исключая)
cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*
EPSS
Процентиль: 13%
0.00044
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-353
CWE-345
Связанные уязвимости
CVSS3: 5.3
github
больше 1 года назад
The goTenna Pro ATAK Plugin use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message.
EPSS
Процентиль: 13%
0.00044
Низкий
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-353
CWE-345