Assigner | Bitdefender |
Reserved | 2023-11-27 |
Published | 2024-05-15 |
Updated | 2024-06-04 |
Description
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Problem types
CWE-457 Use of Uninitialized Variable
Product status
3.1.10.0
3.2.0.0
3.4.0.0
4.0.0.0
Credits
Alexandru Lazar
Radu Basaraba
References
https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/