cve/2021/CVE-2021-34600.md

### [CVE-2021-34600](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34600)
![](https://img.shields.io/static/v1?label=Product&message=CompasX&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2032.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-335%20Incorrect%20Usage%20of%20Seeds%20in%20Pseudo-Random%20Number%20Generator%20(PRNG)&color=brighgreen)

### Description

Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.

### POC

#### Reference
- https://www.x41-dsec.de/lab/advisories/x41-2021-003-telenot-complex-insecure-keygen/

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CyberSaiyanIT/RomHack-Conference
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/SYRTI/POC_to_review
- https://github.com/WhooAmii/POC_to_review
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/soosmile/POC
- https://github.com/trhacknon/Pocingit
- https://github.com/x41sec/CVE-2021-34600
- https://github.com/zecool/cve