Midnightblue

midnightblue

5 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-24403 1Midnightblue 1Tetra\ Nov 21, 2024 Dec 5, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit...Show more The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs.Show less
CVE-2022-24404 1Midnightblue 1Tetra\ Nov 21, 2024 Oct 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion.
CVE-2022-24402 1Midnightblue 1Tetra\ Nov 21, 2024 Oct 19, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard agai...Show more The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks.Show less
CVE-2022-24401 1Midnightblue 1Tetra\ Nov 21, 2024 Oct 19, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure...Show more Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of these counters in a mobile station, provoking keystream re-use. By sending crafted messages to the MS and analyzing MS responses, keystream for arbitrary frames can be recovered.Show less
CVE-2022-24400 1Midnightblue 1Tetra\ Nov 21, 2024 Oct 19, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero.