漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
goTenna Pro ATAK Plugin Missing Support for Integrity Check
Vulnerability Description
The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is advised to continue to use encryption in the plugin and update to the current release for enhanced encryption protocols.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
缺失完整性检查支持
Vulnerability Title
goTenna Pro 安全漏洞
Vulnerability Description
goTenna Pro是goTenna公司的一系列可为离网通信和态势感知创建网络的设备。 goTenna Pro 1.9.12及之前版本存在安全漏洞,该漏洞源于使用AES CTR模式加密短消息时未附加任何完整性检查机制,这使得消息容易被能够访问到消息的攻击者篡改。
CVSS Information
N/A
Vulnerability Type
N/A