CVE-2021-26322
CVE-2021-26322
In short
The platform stores a private key without proper random protection, which could allow an attacker to recover the key by comparing encrypted messages. This weakens the entire security of the system.
Technical detail
The vulnerability results from reuse of initialization vectors (IVs) when encrypting the platform's private key, enabling two-time pad attacks where an attacker with access to multiple ciphertexts can recover the plaintext key. The issue affects at-rest encryption of persistent cryptographic material without cryptographically random IV generation per encryption operation.
Summary generated and translated by AI from the official description.
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →