DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions

By [email protected] (Mohit Kumar) DUHK — Don’t Use Hard-coded Keys — is a new ‘non-trivial’ cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions.

DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi attack and ROCA factorization attack.

The vulnerability affects products from dozens of vendors,

Via:: DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions