PT-2024-32421 · Gotenna · Gotenna Pro X+2

Clayton Smith +2 · Published 2024-09-26 · Updated 2024-10-17 · CVE-2024-47126

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

goTenna Pro App (affected versions not specified)
goTenna Pro X (affected versions not specified)
goTenna Pro X2 (affected versions not specified)

Description

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This issue only applies to the optional broadcast of an encryption key. For higher security operations, it is advised to share the key with a local QR code.

Recommendations

For goTenna Pro App, consider disabling the broadcast of encryption keys until a patch is available. For goTenna Pro X, restrict access to the key sharing feature to minimize the risk of exploitation. For goTenna Pro X2, avoid using the broadcasted encryption key until the issue is resolved. As a temporary workaround, consider sharing keys with a local QR code for higher security operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
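The weakness class named in the Description, shown as an added example that is not goTenna's code: a password built from a non-cryptographic generator beside the same routine backed by SecureRandom. The advisory does not name the generator the app uses, so java.util.Random stands in for it here, and the class name, alphabet, length and seed are assumptions.

```java
import java.security.SecureRandom;
import java.util.Random;

public class KeySharePassword {
    // Assumed alphabet and length; the advisory does not give the app's values.
    static final char[] ALPHABET =
        "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789".toCharArray();
    static final int LENGTH = 16;

    // Weak pattern: java.util.Random is a 48-bit linear congruential generator.
    // The seed fixes every later output, so the password can never carry more
    // than 48 bits of entropy, whatever LENGTH and ALPHABET suggest.
    static String weakPassword(long seed) {
        return build(new Random(seed));
    }

    // Hardened pattern: SecureRandom draws from the platform CSPRNG, so the
    // password's strength is bounded by LENGTH * log2(ALPHABET.length) instead.
    static String strongPassword() {
        return build(new SecureRandom());
    }

    // nextInt(bound) uses rejection sampling, which avoids the modulo bias of
    // nextInt() % bound. SecureRandom extends Random, so both generators fit.
    static String build(Random rng) {
        StringBuilder sb = new StringBuilder(LENGTH);
        for (int i = 0; i < LENGTH; i++) {
            sb.append(ALPHABET[rng.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    static double nominalBits() {
        return LENGTH * (Math.log(ALPHABET.length) / Math.log(2));
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed sample seed
        boolean weakRepeats = weakPassword(seed).equals(weakPassword(seed));
        boolean strongRepeats = strongPassword().equals(strongPassword());
        System.out.printf("nominal entropy: %.1f bits%n", nominalBits());
        System.out.printf("weak generator repeats for one seed: %b%n", weakRepeats);
        System.out.printf("SecureRandom repeats: %b%n", strongRepeats);
        System.out.printf("effective entropy, weak generator: at most %d bits%n",
            Math.min(48, (int) nominalBits()));
    }
}
```

When auditing a code base for this pattern, the signal is a password, key or token derived from `java.util.Random`, `Math.random()` or `ThreadLocalRandom` rather than `SecureRandom`.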

Weakness Enumeration

Related Identifiers

CVE-2024-47126

Affected Products

Gotenna Pro App
Gotenna Pro X
Gotenna Pro X2