CVE-2020-14292

2020-09-09T17:15:00
ID CVE-2020-14292
Type cve
Reporter cve@mitre.org
Modified 2021-07-21T11:39:00

Description

In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.