We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-52288

RMAC revert to the beginning of the session in libosdp



Description

libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected `REPLY_CCRYPT` or `REPLY_RMAC_I` may be introduced into an active stream when they should not be. Once RMAC_I message can be sent during a session, attacker with MITM access to the communication may intercept the original RMAC_I reply and save it. While the session continues, the attacker will record all of the replies and save them, till capturing the message to be replied (can be detected by ID, length or time based on inspection of visual activity next to the reader) Once attacker captures a session with the message to be replayed, he stops resetting the connection and waits for signal to perform the replay to of the PD to CP message (ex: by signaling remotely to the MIMT device or setting a specific timing). In order to replay, the attacker will craft a specific RMAC_I message in the proper seq of the execution, which will result in reverting the RMAC to the beginning of the session. At that phase - attacker can replay all the messages from the beginning of the session. This issue has been addressed in commit `298576d9` which is included in release version 3.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Reserved 2024-11-06 | Published 2024-11-11 | Updated 2024-11-12 | Assigner GitHub_M


MEDIUM: 5.1CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Product status

< 3.0.0
affected

References

github.com/...ibosdp/security/advisories/GHSA-xhjw-7vh5-qxqm

github.com/...ommit/298576d9214b48214092eebdd892ec77be085e5a

cve.org (CVE-2024-52288)

nvd.nist.gov (CVE-2024-52288)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-52288

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.