CVE-2024-45374 – The goTenna Pro ATAK plugin uses a weak passwor... (How to Fix)

Q: What is the severity of CVE-2024-45374?

CVE-2024-45374 has a CVSS score of 5.3 (MEDIUM). The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via RF broadcast, allowing attackers who capture the broadcast to potentially brute-force the password and decrypt all messages encrypted with that key. This affects users who enable the optional key broadcast feature in goTenna Pro ATAK plugin deployments.

📋 TL;DR

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via RF broadcast, allowing attackers who capture the broadcast to potentially brute-force the password and decrypt all messages encrypted with that key. This affects users who enable the optional key broadcast feature in goTenna Pro ATAK plugin deployments.

💻 Affected Systems

Products:

goTenna Pro ATAK plugin

Versions: All versions prior to patched version (specific version not specified in advisory)

Operating Systems: Android (ATAK platform)

Default Config Vulnerable: ✅ No

Notes: Only vulnerable when using the optional key broadcast feature over RF. Local QR key sharing is not affected.

📦 What is this software?

Gotenna by Gotenna

View all CVEs affecting Gotenna →

⚠️ Risk & Real-World Impact

🔴

Worst Case

All encrypted communications using a compromised key become readable, exposing sensitive tactical data and compromising operational security.

🟠

Likely Case

Limited exposure of specific encrypted broadcasts if an attacker is within RF range and successfully cracks the weak password.

🟢

If Mitigated

No impact if key broadcast feature is disabled and local QR key sharing is used instead.

🌐 Internet-Facing: LOW - This vulnerability requires physical proximity to capture RF broadcasts, not internet exposure.

🏢 Internal Only: MEDIUM - Risk exists within operational areas where RF broadcasts occur, but requires attacker presence and password cracking capability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires physical proximity to capture RF transmissions and computational resources for password cracking.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in advisory - check vendor updates

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05

Restart Required: Yes

Instructions:

1. Update goTenna Pro ATAK plugin to latest version. 2. Restart ATAK application. 3. Verify key broadcast uses stronger encryption if still needed.

🔧 Temporary Workarounds

Disable RF Key Broadcast

all

Completely disable the optional key broadcast feature and use local QR code sharing instead.

Navigate to plugin settings and disable 'Key Broadcast over RF' option

🧯 If You Can't Patch

Disable the key broadcast feature immediately
Use only local QR code encryption key sharing methods

🔍 How to Verify

Check if Vulnerable:

Check if key broadcast feature is enabled in goTenna Pro ATAK plugin settings

Check Version:

Check plugin version in ATAK plugin management interface

Verify Fix Applied:

Verify plugin is updated to latest version and key broadcast is either disabled or uses enhanced security

📡 Detection & Monitoring

Log Indicators:

Multiple failed decryption attempts
Unusual key broadcast activity

Network Indicators:

RF spectrum analysis showing key broadcast patterns
Unexpected RF monitoring equipment in operational area

SIEM Query:

Not applicable - primarily physical/RF based attack vector

📊 Metadata

CVE ID: CVE-2024-45374

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-521

Published: September 26, 2024

Last Updated: October 17, 2024

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-45374, you might also want to check these: