6 matches found
CVE-2024-23688
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...
GHSA-WP4M-7HPJ-8QP8 Duplicate Advisory: Discovery uses the same AES/GCM Nonce throughout the session
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3hj-wr2q-x83g. This link is maintained to preserve external references. Original Description Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally...
Code injection
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...
CVE-2024-23688 Consensys Discovery Nonce Reuse
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...
Consensys Discovery Security Feature Issue Vulnerability
Consensys Discovery is an open source application from Consensys. A security vulnerability exists in versions of Consensys Discovery prior to 0.4.5 that stems from using the same AES/GCM random number throughout a session...
PT-2021-24354 · Consensys · Consensys Discovery
Name of the Vulnerable Software and Affected Versions: Consensys Discovery versions less than 0.4.5 Description: The issue arises from Consensys Discovery using the same AES/GCM nonce for the entire session, which should ideally be unique for every message. This can lead to the leaking of the...