CVE-2024-47121

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-521
View all →

Vulnerability Description

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions.

Related Vulnerabilities

CVE-2015-8033

MEDIUM
CVSS:5.3(Medium)

In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.

CWE-5212015

CVE-2023-25184

MEDIUM
CVSS:5.3(Medium)

Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products ...

CWE-5212023

CVE-2024-32213

MEDIUM
CVSS:5.3(Medium)

The LoMag WareHouse Management application version 1.0.20.120 and older were found to allow weak passwords. By default, hard-coded passwords of 10 characters with little or no complexity are allowed.

CWE-5212024

CVE-2024-41683

MEDIUM
CVSS:5.3(Medium)

A vulnerability has been identified in Location Intelligence family (All versions < V4.4). Affected products do not properly enforce a strong user password policy. This could facilitate a brute force ...

CWE-5212024

CVE-2024-41778

MEDIUM
CVSS:5.3(Medium)

IBM Controller 11.0.0 through 11.0.1 and 11.1.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

CWE-5212024

CVE-2022-3326

MEDIUM
CVSS:5.4(Medium)

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9.

CWE-5212022