Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-34600
PUBLISHED
More InfoOfficial Page
Assigner-CERTVDE
Assigner Org ID-270ccfa6-a436-4e77-922e-914ec3a9685c
View Known Exploited Vulnerability (KEV) details
Published At-20 Jan, 2022 | 11:40
Updated At-16 Sep, 2024 | 19:04
Rejected At-
▼CVE Numbering Authority (CNA)
Telenot complex: Insecure AES Key Generation

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.

Affected Products
Vendor
Telenot Electronic GmbH
Product
CompasX
Default Status
unaffected
Versions
Affected
  • From unspecified before 32.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-335CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Type: CWE
CWE ID: CWE-335
Description: CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Metrics
VersionBase scoreBase severityVector
3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to CompasX versions >= 32.0

Configurations
Workarounds

It is strongly recommended to raise the security level during the time window until the AES keys can be changed to securely generated ones. The complex alarm systems supports alternative authentication factors that can be combined with the Desfire NFC tag authentication. An example for such an additional factor is a requirement for a valid PIN entry on the complex alarm system in addition to a successful Desfire authentication to disarm the alarm.

Exploits
Credits
finder
X41 D-SEC GmbH, Markus Vervier, Yasar Klawohn
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/
x_refsource_CONFIRM
Hyperlink: https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/
Resource:
x_refsource_CONFIRM
x_transferred
Details not found