PT-2020-6333 · Eclipse · Eclipse Tinydtls

Published: 2020-11-13 · Updated: 2021-07-12 · CVE-2021-34430

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Eclipse TinyDTLS versions through 0.9-rc1

Description

The issue is related to errors in the pseudorandom number generator code. This makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic, potentially allowing them to reveal protected information.

Recommendations

For Eclipse TinyDTLS versions through 0.9-rc1, consider updating to a version that does not rely on the rand function in the C library for pseudorandom number generation, as this would mitigate the risk of master key computation and DTLS traffic decryption by remote attackers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
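
The recommendation above, as an added example (not code from TinyDTLS or from this advisory): a `rand()`-based byte filler reproduces its output for a given seed, while a filler built on the kernel CSPRNG does not. The function names, the constructed seed 1234 and the use of Linux `getrandom()` are assumptions for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>   /* getrandom(): Linux, glibc 2.25+ (platform assumption) */

/* Weak pattern: every byte is a pure function of the srand() seed. */
void fill_random_weak(unsigned seed, unsigned char *buf, size_t len) {
    srand(seed);
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)(rand() & 0xff);
}

/* Hardened pattern: kernel CSPRNG. Returns 0 on success, -1 on failure. */
int fill_random_strong(unsigned char *buf, size_t len) {
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0 && errno == EINTR)
            continue;          /* interrupted by a signal: retry */
        if (n < 0)
            return -1;         /* fail closed, never fall back to rand() */
        off += (size_t)n;
    }
    return 0;
}

/* 1 if two runs with the same seed yield identical 32-byte "secrets". */
int weak_output_repeats(unsigned seed) {
    unsigned char a[32], b[32];
    fill_random_weak(seed, a, sizeof a);
    fill_random_weak(seed, b, sizeof b);
    return memcmp(a, b, sizeof a) == 0;
}

/* 1 if two CSPRNG draws differ, 0 if they match, -1 on error. */
int strong_output_differs(void) {
    unsigned char a[32], b[32];
    if (fill_random_strong(a, sizeof a) || fill_random_strong(b, sizeof b))
        return -1;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void) {
    printf("rand() repeats for constructed seed 1234: %d, getrandom() draws differ: %d\n",
           weak_output_repeats(1234), strong_output_differs());
    return 0;
}
```

When reviewing a DTLS stack for this class of issue, check that every source of key material and handshake randomness goes through a CSPRNG wrapper of this kind and that the wrapper's failure path aborts rather than substituting `rand()`.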

Exploit

Inadequate Encryption Strength

Weakness Enumeration

Related Identifiers

BDU:2021-04207
CVE-2021-34430

Affected Products

Eclipse Tinydtls