ISNs for TCP connections not sufficiently random
silabs-steveegerter opened this issue · 0 comments
silabs-steveegerter commented
Initial sequence numbers (ISNs) are not derived from a sufficiently random source which could lead to an attacker either hijacking an existing connection or spoofing future connections. ISNs should adhere to RFC6528 to be more secure. ISNs are retrieved by NetUtil_InitSeqNbrGet().