PT-2024-30298 · Gotenna · Gotenna Pro Atak Plugin
Clayton Smith
+2
·
Published
2024-09-26
·
Updated
2024-10-17
·
CVE-2024-43108
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
goTenna Pro ATAK Plugin (affected versions not specified)
Description
The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.
Recommendations
Update to the current release for enhanced encryption protocols.
As a temporary workaround, consider using additional integrity checking mechanisms to minimize the risk of exploitation.
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gotenna Pro Atak Plugin