CVE-2024-47124

CVSS v3.1

6.5

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions goTenna Pro App versions prior to the current app version

Description The issue concerns the lack of encryption for callsigns in messages. This could potentially reveal sensitive information about users and may be leveraged for other vulnerabilities. It is recommended not to use sensitive information in callsigns when using affected versions of the app. The current app version uses AES-256 encryption for callsigns in encrypted operation.

Recommendations Update the app to the current version, which uses AES-256 encryption for callsigns in encrypted operation. As a temporary workaround, consider not using sensitive information in callsigns until the app is updated.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2024-47124

Affected Products

Gotenna Pro App

CVE-2024-47124

Weakness Enumeration

Related Identifiers

Affected Products

References · 7