Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. which should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.
References
Link | Resource |
---|---|
https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g | Vendor Advisory |
https://github.com/advisories/GHSA-w3hj-wr2q-x83g | Third Party Advisory |
https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: VulnCheck
Published: 2024-01-19T21:26:35.282Z
Updated: 2024-01-19T21:26:35.282Z
Reserved: 2024-01-19T17:35:09.985Z
Link: CVE-2024-23688
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-19T22:15:08.563
Modified: 2024-01-26T15:53:31.397
Link: CVE-2024-23688
JSON object: View
Redhat Information
No data.