Vulnerabilities > CVE-2012-4687 - Cryptographic Issues vulnerability in Postoaktraffic Awam Bluetooth Reader

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

high complexity

postoaktraffic

CWE-310

NVD

Published: 2012-12-08

Updated: 2012-12-26

Summary

Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.

Vulnerable Configurations

Part	Description	Count
Hardware	Postoaktraffic Postoaktraffic Awam Bluetooth Reader -	1

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

References

http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf