CVE-2023-1672 – Race condition exists in the key generation and rotation functionality
https://notcve.org/view.php?id=CVE-2023-1672
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host. • https://access.redhat.com/security/cve/CVE-2023-1672 https://bugzilla.redhat.com/show_bug.cgi?id=2180999 https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096 https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html https://www.openwall.com/lists/oss-security/2023/06/15/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-4076
https://notcve.org/view.php?id=CVE-2021-4076
A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys. Se presenta un fallo en tang, un servidor de enlace criptográfico basado en la red, que podría dar lugar a un filtrado de claves privadas • https://bugzilla.redhat.com/show_bug.cgi?id=2029814 https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 https://github.com/latchset/tang/pull/81 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •