CVE-2021-34430

Published: Jul 8, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.

Affected (2)

Products: Eclipse: Tinydtls

Eclipse

1 product

Tinydtls

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Eclipse Tinydtls	Up to 0.8.2
Eclipse Tinydtls	Version 0.9 rc1

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

References (2)

https://bugs.eclipse.org/bugs/show_bug.cgi?id=568803

Source: emo@eclipse.org

ExploitIssue TrackingVendor Advisory

https://bugs.eclipse.org/bugs/show_bug.cgi?id=568803

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.