CVE-2023-33982

Exploit

EPSS 0.12%
Veröffentlicht 24.05.2023 18:15:10
Zuletzt bearbeitet 16.01.2025 16:15:30
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Briarproject ≫ Briar Version < 1.5.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.312

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://briarproject.org/news/2023-three-security-issues-found-and-fixed/

Vendor Advisory

https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf

Third Party Advisory

Exploit

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2023-33982

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33982

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33982

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-33982