Lucene search
PRIOn knowledge basePRION:CVE-2024-23688HistoryJan 19, 2024 - 10:15 p.m.
Code injection
2024-01-1922:15:00
PRIOn knowledge base
www.prio-n.com
8
consensys discovery
code injection
versions
aes/gcm nonce
exposed session key
nvd
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node’s private key isn’t compromised, only the session key generated for specific peer communication is exposed.
Related
nvd
nvd
CVE-2024-23688
2024-01-19 22:15:08
cve
cve
CVE-2024-23688
2024-01-19 22:15:08
osv
osv
Discovery uses the same AES/GCM Nonce throughout the session
2021-04-06 17:22:17
CVE-2024-23688
2024-01-19 22:15:08
cvelist
cvelist
CVE-2024-23688 Consensys Discovery Nonce Reuse
2024-01-19 21:26:35