CVE-2022-24402
Intentionally weakened effective strength in TETRA TEA1
In short
TETRA TEA1 encryption reduces an 80-bit key to just 32 bits during operation, making it vulnerable to brute-force attacks that can crack the encryption in reasonable time.
Technical detail
The TEA1 keystream generator's key register initialization compresses the full 80-bit key material to 32 bits effective entropy for keystream generation, enabling exhaustive search attacks with feasible computational cost. This design weakness significantly reduces the cryptographic strength below the theoretical key size, allowing attackers to recover the keystream through key enumeration.
Summary generated and translated by AI from the official description.
The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:A/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H
Affected products
ETSI · TETRA StandardWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://tetraburst.com/