exploitDog

CVE-2024-45723

Опубликовано: 26 сент. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an encryption key, so it is advised to share the key with local QR code for higher security operations.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*

Версия до 2.0.7 (исключая)

EPSS

Процентиль: 18%

0.00058

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-338

Связанные уязвимости

GHSA-rgqq-jvq6-w93r

CVSS3: 6.5

github

больше 1 года назад

The goTenna Pro ATAK Plugin does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use.

EPSS

Процентиль: 18%

0.00058

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-338