PT-2024-29644 · Gotenna · Gotenna Pro Atak Plugin
Clayton Smith
+2
·
Published
2024-09-26
·
Updated
2024-10-17
·
CVE-2024-41931
CVSS v3.1
4.3
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
goTenna Pro ATAK Plugin (affected versions not specified)
Description
The issue concerns the transmission of the encryption key name in an unencrypted manner when sent over RF through a broadcast message, potentially revealing the location of operation. It is recommended to share the encryption key via local QR for higher security operations.
Recommendations
As a temporary workaround, consider sharing the encryption key via local QR for higher security operations.
Restrict the use of broadcast messages for sending encryption keys to minimize the risk of exploitation.
Avoid using RF broadcasts for sensitive information until a more secure method is implemented.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gotenna Pro Atak Plugin