25 matches found
CVE-2020-12859
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...
CVE-2020-12717
The COVIDSafe Australia app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. T...
CVE-2020-12856
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used...
EUVD-2020-4212
Malware in sbrugna...
EUVD-2020-5141
Malware in sbrugna...
CVE-2020-11872
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs...
Unspecified vulnerability in COVIDSafe app
COVIDSafe app is an Australian coronavirus contact tracing app. The COVIDSafe app suffers from an unspecified vulnerability that stems from an unnecessary field in the OpenTrace/BlueTrace protocol. An attacker can exploit the vulnerability by looking at plaintext payload data to confirm the model...
OpenTrace has an unspecified vulnerability
OpenTrace is an implementation of the BlueTrace Epidemiology Contact Tracking Privacy Protection Protocol. A security vulnerability exists in OpenTrace used in COVIDSafe 1.0.17 and earlier versions, TraceTogether and ABTraceTogether and other apps iOS and Android, which can be exploited by a remo...
CVE-2020-12859
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...
CVE-2020-12859
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...
Design/Logic Flaw
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...
CVE-2020-12859
The CVE concerns COVIDSafe’s OpenTrace/BlueTrace protocol (up to v1.0.17). Unnecessary fields in the protocol payload allow a remote attacker to identify a device model by observing cleartext data, enabling re-identification of devices, particularly for less common phone models or in low-density ...
CVE-2020-12859
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations...
CVE-2020-12856
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used...
Design/Logic Flaw
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used...
CVE-2020-12856
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used...
CVE-2020-12856
OpenTrace (used in COVIDSafe up to v1.0.17) and similar apps on iOS/Android expose a vulnerability where Bluetooth usage enables long-term user re-identification by remote attackers, per CVE-2020-12856. Red‑hat and other sources mirror this description. The Android security bulletin lists CVE-202...
CVE-2020-12717
The COVIDSafe Australia app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. T...
CVE-2020-12717
The COVIDSafe Australia app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. T...
Code injection
The COVIDSafe Australia app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. T...