CVE-2024-23688
Published: 19 January 2024
Summary
CVE-2024-23688 is a medium-severity Reusing a Nonce, Key Pair in Encryption (CWE-323) vulnerability in Consensys Discovery. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040). The CVE is ranked in the top 31.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-21150
Vulnerability details
Consensys Discovery versions earlier than 0.4.5 use the same AES/GCM nonce for the entire session, although the nonce should ideally be unique for every message. The node's private key isn't compromised; only the session key generated for communication with a specific peer is exposed.
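The effect of a session-wide nonce, next to a per-message nonce that avoids it, as an added Go example that is not Consensys Discovery's code. The key, the two messages and the counter-based `counterNonce` scheme are constructed for illustration; the page does not say how version 0.4.5 generates its nonces.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// seal encrypts msg with AES-GCM and returns ciphertext followed by the tag.
func seal(key, nonce, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm.Seal(nil, nonce, msg, nil)
}

// counterNonce builds a distinct 12-byte nonce per message (assumed scheme, one of several valid ones).
func counterNonce(n uint64) []byte {
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], n)
	return nonce
}

// LeaksPlaintextXOR reports whether XOR of two ciphertexts equals XOR of their plaintexts.
func LeaksPlaintextXOR(reuseNonce bool) bool {
	key := []byte("constructed-key!") // constructed 16-byte session key
	p1, p2 := []byte("constructed-msg-A"), []byte("constructed-msg-B")
	n1, n2 := counterNonce(1), counterNonce(2)
	if reuseNonce {
		n2 = n1 // the flawed pattern: one nonce for the whole session
	}
	c1, c2 := seal(key, n1, p1), seal(key, n2, p2)
	for i := range p1 {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}

func main() {
	fmt.Println("reused nonce:", LeaksPlaintextXOR(true), "unique nonces:", LeaksPlaintextXOR(false))
}
```

A check of this shape fits a regression test for any code path that seals more than one message under the same session key.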
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Nonce reuse in AES/GCM encryption of the Consensys Discovery protocol (used for Ethereum node peer discovery) leaks session keys from captured traffic, facilitating network sniffing (T1040) to perform remote system discovery (T1018) and network service discovery (T1046).
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Key generation under controlled management uses approved random-bit sources rather than insufficiently random values.