Vulnerabilities > Midnightblue
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2022-24403 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Midnightblue Tetra:Burst The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). | 4.3 |
| 2023-10-19 | CVE-2022-24400 | Authorization Bypass Through User-Controlled Key vulnerability in Midnightblue Tetra:Burst A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero. | 5.9 |
| 2023-10-19 | CVE-2022-24401 | Authorization Bypass Through User-Controlled Key vulnerability in Midnightblue Tetra:Burst Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. | 8.1 |
| 2023-10-19 | CVE-2022-24402 | Improper Restriction of Excessive Authentication Attempts vulnerability in Midnightblue Tetra:Burst The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks. | 7.5 |
| 2023-10-19 | CVE-2022-24404 | Improper Validation of Integrity Check Value vulnerability in Midnightblue Tetra:Burst Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. | 7.5 |