CVE-2022-24403 – De-anonymization attack in TETRA
https://notcve.org/view.php?id=CVE-2022-24403
The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs. La función de cifrado de identidad TETRA TA61 utiliza internamente un valor de 64 bits derivado exclusivamente de SCK (redes Clase 2) o CCK (redes Clase 3). La estructura de TA61 permite una recuperación eficiente de este valor de 64 bits, lo que permite a un adversario cifrar o descifrar identidades arbitrarias con solo tres pares de identidades cifradas/no cifradas conocidas. • https://tetraburst.com • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2022-24400 – DCK pinning attack in TETRA
https://notcve.org/view.php?id=CVE-2022-24400
A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero. Una falla en el procedimiento de autenticación TETRA permite que un adversario MITM que puede predecir el desafío MS RAND2 establezca la clave de sesión DCK en cero. • https://tetraburst.com • CWE-639: Authorization Bypass Through User-Controlled Key CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVE-2022-24401 – Keystream recovery for arbitrary frames in TETRA
https://notcve.org/view.php?id=CVE-2022-24401
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of these counters in a mobile station, provoking keystream re-use. By sending crafted messages to the MS and analyzing MS responses, keystream for arbitrary frames can be recovered. Reutilización del flujo de claves inducida por el adversario en el tráfico cifrado de interfaz aérea TETRA utilizando cualquier generador de flujo de claves TEA. • https://tetraburst.com • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2022-24402 – Intentionally weakened effective strength in TETRA TEA1
https://notcve.org/view.php?id=CVE-2022-24402
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks. El generador de flujo de claves TETRA TEA1 implementa una función de inicialización de registro de claves que comprime la clave de 80 bits a solo 32 bits para su uso durante la fase de generación del flujo de claves, lo cual es insuficiente para protegerse contra ataques de búsqueda exhaustiva. • https://tetraburst.com • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-334: Small Space of Random Values •
CVE-2022-24404 – Ciphertext Malleability in TETRA
https://notcve.org/view.php?id=CVE-2022-24404
Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion. Falta de verificación de integridad criptográfica en el tráfico cifrado de interfaz aérea TETRA. Dado que se emplea un cifrado de flujo, esto permite que un adversario activo manipule datos de texto plano bit a bit. • https://tetraburst.com • CWE-353: Missing Support for Integrity Check CWE-354: Improper Validation of Integrity Check Value •