CVE-2024-47126

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an encryption key, so it is advised to share the key with local QR code for higher security operations.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*
cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*

History

No history.

Information

Published : 2024-09-26 18:15

Updated : 2024-10-17 18:15


NVD link : CVE-2024-47126

Mitre link : CVE-2024-47126

CVE.ORG link : CVE-2024-47126


JSON object : View

Products Affected

gotenna

  • gotenna_pro
CWE
CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)