The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions.
oryginał ENCVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XGotenna Pro
APPGotenna< 2.0.3
Powiązane podatności
The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P an...
The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate ...
The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The r...
The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messa...
In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). T...