CVE Vulnerabilities

CVE-2024-47123

Insufficient Verification of Data Authenticity

Published: Sep 26, 2024 | Modified: Oct 17, 2024
CVSS 3.x
3.1
LOW
Source:
NVD
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The goTenna Pro App uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is recommended to continue to use encryption in the app and update to the current release for more secure operations.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name Vendor Start Version End Version
Gotenna_pro Gotenna * 1.6.1 (including)
Gotenna_pro Gotenna * 2.0.3 (excluding)

References