CVE-2024-23688

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-323
View all →

Vulnerability Description

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.

Related Vulnerabilities

CVE-2017-13078

MEDIUM
CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points t...

CWE-3232017

CVE-2017-13079

MEDIUM
CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range...

CWE-3232017

CVE-2017-13080

MEDIUM
CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points ...

CWE-3232017

CVE-2017-13081

MEDIUM
CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio rang...

CWE-3232017

CVE-2017-13088

MEDIUM
CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response fram...

CWE-3232017

CVE-2024-36289

MEDIUM
CVSS:5.3(Medium)

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct message...

CWE-3232024