Weak Seed for Random Number Generation in Telenot CompasX Versions Prior to 32.0: Predictable AES Keys in NFC Tags

Weak Seed for Random Number Generation in Telenot CompasX Versions Prior to 32.0: Predictable AES Keys in NFC Tags

CVE-2021-34600 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.

Learn more about our User Device Pen Test.