How severe is CVE-2021-32033?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2021-32033?

This is classified as CWE-335, which is a common weakness in software security.

CVE-2021-32033 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token.

Related Vulnerabilities

CVE-2022-42159

MEDIUM

CVSS:4.3(Medium)

D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.

CWE-3352022

CVE-2018-14647

MEDIUM

CVSS:5.3(Medium)

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML docum...

CWE-3352018

CVE-2021-34600

MEDIUM

CVSS:5.5(Medium)

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total l...

CWE-3352021

CVE-2018-12384

MEDIUM

CVSS:5.9(Medium)

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2...

CWE-3352018

CVE-2012-1577

CRITICAL

CVSS:9.8(Critical)

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.

CWE-3352012

CVE-2017-11519

CRITICAL

CVSS:9.8(Critical)

passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.

CWE-3352017