Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

🗓️ 23 Apr 2022 07:00:00Reported by MicrosoftType

mscve

mscve🔗 msrc.microsoft.com👁 1 Views

Bluetooth pairing can leak passkey bits via key reflection in Core Specification 2.1–5.2.

Reporter	Title	Published	Views	Family All 297
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2-2021-1685 (ALAS-2021-1685)	16 Jul 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-002 (ALASKERNEL-5.10-2022-002)	2 May 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2022-004 (ALASKERNEL-5.4-2022-004)	2 May 202200:00	–	nessus
Tenable Nessus	CentOS 8 : bluez (CESA-2021:4432)	11 Nov 202100:00	–	nessus
Tenable Nessus	Debian DLA-2689-1 : linux - LTS security update	24 Jun 202100:00	–	nessus
Tenable Nessus	Debian DLA-2690-1 : linux-4.19 security update	24 Jun 202100:00	–	nessus
Tenable Nessus	Debian DLA-2692-1 : bluez - LTS security update	28 Jun 202100:00	–	nessus
Tenable Nessus	Debian DSA-4951-1 : bluez - security update	8 Aug 202100:00	–	nessus
Tenable Nessus	GLSA-202209-16 : BlueZ: Multiple Vulnerabilities	29 Sep 202200:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : bluez (openSUSE-SU-2021:2291-1)	16 Jul 202100:00	–	nessus

Vulners

Node

microsoft cm1_kernel_5.10.116.1-1Range<-

23 Apr 2022 07:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.14.2

CVSS 24.3

EPSS0.00034

bluetooth pairing man in middle passkey leak reflection attack core specification security standard