CVE-2024-45723

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin (affected versions not specified)

Description: The issue is related to the generation of passwords for sharing cryptographic keys, where the goTenna Pro ATAK Plugin does not utilize SecureRandom. Instead, it uses a random function that is not suitable for cryptographic purposes, making it easier for attackers to brute force the password if the broadcasted encryption key is captured. This primarily affects the optional broadcast of an encryption key, and it is recommended to share the key via a local QR code for higher security operations.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.