PT-2024-35154 · Libosdp · Libosdp

E-Ot · Published 2024-03-08 · Updated 2024-11-12 · CVE-2024-52288

CVSS v3.1: 5.1 (Medium)

Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

libosdp versions prior to 3.0.0

Description

The issue allows an attacker with MITM access to the communication channel to intercept and save the original RMAC_I reply. The attacker then records all replies until capturing the message to be replayed, which can be identified by its ID, its length, or its timing, based on inspection of visual activity next to the reader. Once the attacker has captured a session containing the message to be replayed, they can craft a specific RMAC_I message that reverts the RMAC to the beginning of the session, allowing them to replay all messages from the beginning of the session.

Recommendations

For versions prior to 3.0.0, upgrade to release 3.0.0 or later; the issue was addressed in commit 298576d9, which is included in that release. As a temporary workaround, consider restricting access to the osdp_SCRYPT function and validating that RMAC_I messages are accepted only in response to osdp_SCRYPT. Avoid using the SCS_14 command on encrypted connections until the issue is resolved.
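
The validation named in the workaround (accept RMAC_I only in response to osdp_SCRYPT), shown as an added example on the control panel (CP) side. It is not libosdp code and not the fix from commit 298576d9; `cp_session`, `cp_send` and `cp_handle_reply` are hypothetical names, and the RMAC values are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Command and reply codes from the OSDP specification. */
#define CMD_POLL     0x60
#define CMD_SCRYPT   0x77
#define REPLY_RMAC_I 0x78

/* Hypothetical CP-side state for this example; not libosdp's own structure. */
struct cp_session {
    uint8_t pending_cmd; /* command the CP is awaiting a reply to */
    uint8_t rmac[16];    /* current RMAC value of the secure channel */
};

static void cp_send(struct cp_session *s, uint8_t cmd) { s->pending_cmd = cmd; }

/* Returns 0 if the reply is accepted, -1 if it must be dropped. RMAC_I is
 * honoured only as the answer to osdp_SCRYPT, so one arriving mid-session
 * cannot move the RMAC back to an earlier value. */
static int cp_handle_reply(struct cp_session *s, uint8_t reply,
                           const uint8_t *data, size_t len)
{
    if (reply == REPLY_RMAC_I) {
        if (s->pending_cmd != CMD_SCRYPT || len != sizeof(s->rmac))
            return -1;
        memcpy(s->rmac, data, sizeof(s->rmac));
    }
    s->pending_cmd = 0;
    return 0;
}

/* Constructed scenario: genuine handshake reply, then an unsolicited RMAC_I. */
static int mid_session_rmac_i_rejected(void)
{
    struct cp_session s = {0};
    uint8_t genuine[16], injected[16];
    memset(genuine, 0xA5, sizeof genuine);   /* constructed sample values */
    memset(injected, 0x5A, sizeof injected);
    cp_send(&s, CMD_SCRYPT);
    if (cp_handle_reply(&s, REPLY_RMAC_I, genuine, sizeof genuine) != 0)
        return 0;
    cp_send(&s, CMD_POLL);
    if (cp_handle_reply(&s, REPLY_RMAC_I, injected, sizeof injected) != -1)
        return 0;
    return memcmp(s.rmac, genuine, sizeof genuine) == 0;
}

int main(void) { return mid_session_rmac_i_rejected() ? 0 : 1; }
```

A dropped RMAC_I is also worth logging, since a reader has no reason to send one outside the handshake.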

Related Identifiers

CVE-2024-52288
GHSA-XHJW-7VH5-QXQM

Affected Products

Libosdp