PT-2024-32419 · Gotenna · Gotenna Pro App
Clayton Smith +2 · Published 2024-09-26 · Updated 2024-10-17 · CVE-2024-47124
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
goTenna Pro App versions prior to the current app version
Description
Affected versions of the app do not encrypt callsigns in messages. This could reveal sensitive information about users and may be leveraged in combination with other vulnerabilities. It is recommended not to use sensitive information in callsigns when using affected versions of the app. The current app version uses AES-256 encryption for callsigns in encrypted operation.
Recommendations
Update the app to the current version, which uses AES-256 encryption for callsigns in encrypted operation.
As a temporary workaround, consider not using sensitive information in callsigns until the app is updated.
Weakness Enumeration
Cleartext Transmission of Sensitive Information
Affected Products
Gotenna Pro App