Unpredictable PSK Values in DTLS Sessions
CVE-2023-6324

8.8HIGH

Key Information:

Vendor: Throughtek
Status: Kalay Sdk
Vendor: CVE Published:; 15 May 2024

What is CVE-2023-6324?

The ThroughTek Kalay SDK is prone to a vulnerability due to its implementation of a predictable Pre-Shared Key (PSK) value in Datagram Transport Layer Security (DTLS) sessions when faced with an unexpected PSK identity. This flaw may allow unauthorized parties to exploit the connection, leading to potential security breaches and data exposure. It highlights a significant risk in the secure communication protocols utilized by applications relying on the Kalay SDK for digital streaming and connected devices, necessitating immediate attention and remediation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Kalay SDK 3.1.10.0 <= 3.1.10.16

Kalay SDK 3.2.0.0 <= 3.3.6.1

Kalay SDK 3.4.0.0 <= 3.4.7.3

References

https://bitdefender.com/blog/labs/notes-on-throughtek-kal...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Nov 27, 2023

Credit

Alexandru Lazar

Radu Basaraba

JSON

Throughtek

What is CVE-2023-6324?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.