Unpredictable PSK Values in DTLS Sessions
CVE-2023-6324

8.8HIGH

Key Information:

Vendor: Throughtek
Status: Kalay Sdk
Vendor: CVE Published:; 15 May 2024

What is CVE-2023-6324?

The ThroughTek Kalay SDK is prone to a vulnerability due to its implementation of a predictable Pre-Shared Key (PSK) value in Datagram Transport Layer Security (DTLS) sessions when faced with an unexpected PSK identity. This flaw may allow unauthorized parties to exploit the connection, leading to potential security breaches and data exposure. It highlights a significant risk in the secure communication protocols utilized by applications relying on the Kalay SDK for digital streaming and connected devices, necessitating immediate attention and remediation.

Affected Version(s)

Kalay SDK 3.1.10.0 <= 3.1.10.16

Kalay SDK 3.2.0.0 <= 3.3.6.1

Kalay SDK 3.4.0.0 <= 3.4.7.3

References

https://bitdefender.com/blog/labs/notes-on-throughtek-kal...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Nov 27, 2023

Credit

Alexandru Lazar

Radu Basaraba

CVE-2023-6324 Data

JSON

Throughtek

What is CVE-2023-6324?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit