ORSHIN Attack Defense Framework

Predictable or brute forceable AuthValue in BM Provisioning (M-A2)

Description

Predictable or brute forceable AuthValue in BM Provisioning (M-A2)

Risk Assessment: 7.5

CWE

287

CVE

26557

Attack Surfaces

Bond Management (MITRE EMB3D PID-4113)

Provisioning

Authentication

Attack Vectors

Key brute force (MITRE EMB3D TID-317)

Defenses

Avoid easily guessable AuthValues; use AuthValues with maximum entropy (128 bits) and randomly select a new AuthValue, using a secure RNG, for each new provisioning attempt.