Описание
In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.
Ссылки
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.7 (исключая)
cpe:2.3:a:gotenna:atak_plugin:*:*:*:*:*:*:*:*
EPSS
Процентиль: 30%
0.00109
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-922
Связанные уязвимости
CVSS3: 4.3
github
больше 1 года назад
In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device.
EPSS
Процентиль: 30%
0.00109
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-922