PT-2020-12907 · Opentrace · Opentrace
Harrison-Tco · Published 2020-04-17 · Updated 2021-07-21 · CVE-2020-11872
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
OpenTrace version 1.0
Description
An issue in the Cloud Functions subsystem of OpenTrace could allow fabrication attacks. An attacker can carry these out by making a large number of TempID requests before the AES-256-GCM key is rotated.
Recommendations
For OpenTrace version 1.0, consider implementing a rate limit on TempID requests to minimize the risk of fabrication attacks until a more permanent fix is available.
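One way to implement the recommended rate limit, shown as an added example that is not OpenTrace's own code: a per-user limiter that caps TempID requests both per sliding time window and per key-rotation period. The class name, the `keyEpoch` parameter, the limits and the in-memory store are assumptions; a Cloud Functions deployment would keep these counters in a shared store, because function instances do not share memory.

```javascript
// Added example: per-user limiter for a TempID-issuing endpoint.
// All names and limits here are hypothetical, not OpenTrace identifiers.
class TempIdRequestLimiter {
  constructor({ maxPerWindow, windowMs, maxPerKeyEpoch }) {
    this.maxPerWindow = maxPerWindow;     // burst cap inside the sliding window
    this.windowMs = windowMs;             // sliding window length in milliseconds
    this.maxPerKeyEpoch = maxPerKeyEpoch; // total cap while one key is in use
    this.state = new Map();               // uid -> { keyEpoch, epochCount, stamps }
  }

  // keyEpoch identifies the encryption key currently in use; it changes on rotation.
  allow(uid, keyEpoch, nowMs = Date.now()) {
    let s = this.state.get(uid);
    if (!s || s.keyEpoch !== keyEpoch) {
      // New user or rotated key: reset the per-key budget, keep the burst history.
      s = { keyEpoch, epochCount: 0, stamps: s ? s.stamps : [] };
      this.state.set(uid, s);
    }
    // Forget requests that have left the sliding window.
    s.stamps = s.stamps.filter((t) => nowMs - t < this.windowMs);
    if (s.stamps.length >= this.maxPerWindow) return false; // too fast
    if (s.epochCount >= this.maxPerKeyEpoch) return false;  // per-key budget spent
    s.stamps.push(nowMs);
    s.epochCount += 1;
    return true;
  }
}

// Constructed request sequence: at most 2 per minute, at most 3 per key period.
function demo() {
  const limiter = new TempIdRequestLimiter({
    maxPerWindow: 2, windowMs: 60000, maxPerKeyEpoch: 3,
  });
  const t0 = 1000000; // constructed timestamp
  return [
    limiter.allow("user-a", "key-1", t0),          // allowed
    limiter.allow("user-a", "key-1", t0 + 1000),   // allowed
    limiter.allow("user-a", "key-1", t0 + 2000),   // denied: burst cap
    limiter.allow("user-b", "key-1", t0 + 2000),   // allowed: separate user
    limiter.allow("user-a", "key-1", t0 + 61000),  // allowed: window has moved on
    limiter.allow("user-a", "key-1", t0 + 130000), // denied: per-key budget spent
    limiter.allow("user-a", "key-2", t0 + 131000), // allowed: key was rotated
  ];
}
```

Denied requests are worth logging with the user identifier and key period, since a user who repeatedly exhausts the per-key budget matches the request pattern the description warns about.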
Fix
Use of a Broken Cryptographic Algorithm
Weakness Enumeration
Related Identifiers
Affected Products
Opentrace