CVE-2022-24402

Published: Oct 19, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks.

Affected (1)

Products: Midnightblue: Tetra\

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Midnightblue Tetra\	Version burst

Related CWEs

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

Small Space of Random Values

The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.

References (2)

https://tetraburst.com/

Source: cert@ncsc.nl

Vendor Advisory

https://tetraburst.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.