TID-317: Predictable Cryptographic Key
Threat Description
If the device does not generate sufficiently random cryptographic primitives, a threat actor could predict or brute-force a key to either gain unauthorized access to the device or decrypt a connection. Cryptographic keys that are not generated from sufficiently random “seed” material, including keys derived from a poorly seeded Pseudo-Random Number Generator (PRNG), will lack sufficient entropy. For example, researchers have demonstrated that a large number of Internet-exposed devices with TLS or SSH services used the same RSA moduli, which could then be used to determine a device’s private key and remotely authenticate to the device.
Threat Maturity and Evidence
Proof of Concept
Heninger, N. et al. “Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices”
Researchers demonstrated that many internet-connected devices had insufficient randomness in their TLS certificates. Additionally, many of these devices had the same key as other devices. Lastly, for some of these keys, the researchers were able to derive the private keys.
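The weakness described above is detectable from public keys alone: if two moduli share a prime, the GCD of the pair reveals it. The following fleet audit, written for this entry rather than taken from the cited paper, applies the product-tree/remainder-tree batch GCD used by Heninger et al. to a constructed set of toy RSA moduli (small primes are used only so it runs instantly; the device names and keys are made up).

```python
from math import gcd

# Constructed sample "fleet" of RSA public moduli. Small primes are used only so the
# example runs instantly; real moduli are 2048-bit, but the audit logic is identical.
P1, P2, P3, P4, P5 = 1000003, 1000033, 1000037, 1000039, 1000081
FLEET = {
    "dev-A": P1 * P2,  # baseline key
    "dev-B": P1 * P2,  # identical modulus to dev-A: cloned key or a PRNG that repeated
    "dev-C": P1 * P3,  # shares one prime with dev-A/B: same PRNG state for the first prime
    "dev-D": P4 * P5,  # independent key, generated with adequate entropy
}

def batch_gcd(moduli):
    """For each modulus n_i return gcd(n_i, product of all the other moduli).
    Uses a product tree followed by a remainder tree, so the cost is
    quasi-linear in the number of keys instead of quadratic pairwise GCDs."""
    moduli = list(moduli)
    tree = [moduli]
    while len(tree[-1]) > 1:                       # build the product tree bottom-up
        lvl = tree[-1]
        tree.append([lvl[i] * lvl[i + 1] if i + 1 < len(lvl) else lvl[i]
                     for i in range(0, len(lvl), 2)])
    rems = tree.pop()                              # root: product of every modulus
    while tree:                                    # descend: rem_i = parent mod n_i^2
        lvl = tree.pop()
        rems = [rems[i // 2] % (lvl[i] ** 2) for i in range(len(lvl))]
    # rem_i // n_i == (product of the others) mod n_i, so this is the wanted GCD
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]

def audit_fleet(fleet):
    """Classify each device as 'ok', 'shared-factor' or 'duplicate-modulus'.
    Anything other than 'ok' means the private key is derivable from the other
    public keys: the device must be re-keyed from a proper entropy source."""
    results = {}
    for dev, n, g in zip(fleet, fleet.values(), batch_gcd(fleet.values())):
        if g == n:            # every prime is shared (normally an identical modulus)
            results[dev] = "duplicate-modulus"
        elif g > 1:           # one prime shared with some other device
            results[dev] = "shared-factor"
        else:
            results[dev] = "ok"
    return results

if __name__ == "__main__":
    for dev, verdict in audit_fleet(FLEET).items():
        print(dev, verdict)
```

In a real deployment the input would be the moduli harvested from the fleet's TLS or SSH public keys; a single non-trivial GCD is sufficient evidence that the key generation path needs fixing.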
CWE
CWE-331: Insufficient Entropy (Base)
“The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.”
CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (Base)
“The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG’s algorithm is not cryptographically strong.”
CVE
Honeywell OneWireless Wireless Device Manager | CISA - CVE-2022-43485
“Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow an attacker to manipulate claims in the client’s JWT token. This issue affects OneWireless version 322.1”
Tropos Wireless Mesh Routers | CISA - CVE-2012-4898
“Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.”