Security Flaw in JetBrains Ktor Native Affecting Random Nonce Generation
CVE-2022-29035
3.3 LOW
Summary
In Ktor Native prior to version 2.0.0, nonces were generated from non-secure random values. This makes nonce values predictable, potentially allowing attackers to exploit the insufficient randomness for replay attacks or other security threats. Users are encouraged to update to the latest version to mitigate this risk. For more details, refer to the official JetBrains security fixes documentation and the relevant GitHub pull request.
Affected Version(s)
Ktor Native 2.0.0
CVSS V3.1
Score: 3.3
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dan Wallach