A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.

Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload.

A flaw exists in tang, a network-based cryptographic binding server, which could result in leak of private keys.