Lucene search

K

Covidsafe Security Vulnerabilities

cve
cve

CVE-2020-14292

In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone...

5.7CVSS

6.4AI Score

0.002EPSS

2020-09-09 05:15 PM
23
cve
cve

CVE-2020-12859

Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density...

5.3CVSS

5.2AI Score

0.002EPSS

2020-05-18 05:15 AM
35
cve
cve

CVE-2020-12857

Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running...

7.5CVSS

7.3AI Score

0.004EPSS

2020-05-18 05:15 AM
30
cve
cve

CVE-2020-12858

Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising...

7.5CVSS

7.4AI Score

0.007EPSS

2020-05-18 05:15 AM
28
cve
cve

CVE-2020-12860

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's...

5.3CVSS

5.2AI Score

0.002EPSS

2020-05-18 05:15 AM
27
cve
cve

CVE-2020-12856

OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is...

9.8CVSS

9.4AI Score

0.009EPSS

2020-05-18 04:15 AM
50
2
cve
cve

CVE-2020-12717

The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call......

6.5CVSS

6.2AI Score

0.001EPSS

2020-05-14 05:15 AM
93