Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.9 views

CVE-2024-23688

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5.3CVSS5.6AI score0.00489EPSS
Exploits0References1
OSV
OSV
added 2024/01/20 12:30 a.m.3 views

GHSA-WP4M-7HPJ-8QP8 Duplicate Advisory: Discovery uses the same AES/GCM Nonce throughout the session

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3hj-wr2q-x83g. This link is maintained to preserve external references. Original Description Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally...

5.3CVSS6.8AI score0.00489EPSS
Exploits0References4
Prion
Prion
added 2024/01/19 10:15 p.m.23 views

Code injection

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5CVSS7.2AI score0.00489EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/19 9:26 p.m.3 views

CVE-2024-23688 Consensys Discovery Nonce Reuse

Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed...

5.6AI score0.00489EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/19 12:0 a.m.5 views

Consensys Discovery Security Feature Issue Vulnerability

Consensys Discovery is an open source application from Consensys. A security vulnerability exists in versions of Consensys Discovery prior to 0.4.5 that stems from using the same AES/GCM random number throughout a session...

5.3CVSS6.7AI score0.00489EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/04/06 12:0 a.m.5 views

PT-2021-24354 · Consensys · Consensys Discovery

Name of the Vulnerable Software and Affected Versions: Consensys Discovery versions less than 0.4.5 Description: The issue arises from Consensys Discovery using the same AES/GCM nonce for the entire session, which should ideally be unique for every message. This can lead to the leaking of the...

5.3CVSS5.2AI score0.00489EPSS
Exploits0References9
Rows per page
Query Builder