CVE-2024-45723 MEDIUM

CVE-2024-45723: goTenna Pro ATAK Plugin Use of Cryptographically Weak Pseudo-Random Number Generator

Vendor Gotenna
Product Pro ATAK Plugin
Weakness CWE-338
Published September 26, 2024
Last update October 17, 2024

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an encryption key, so it is advised to share the key with local QR code for higher security operations.

Key dates

02Disclosure timeline

September 26, 2024 CVE published
October 17, 2024 Record updated