3 matches found
CVE-2020-26559
A flaw was found in the Linux kernel’s Bluetooth Mesh Profile implementation. The Mesh Provisioning procedure has a vulnerability that allows an attacker that was provisioned without access to the AuthValue to identify the AuthValue directly, without brute-forcing its value. Even when a randomly...
CVE-2020-26556
A flaw was found in the Linux kernel’s authentication protocol in the Bluetooth® Mesh Profile Specification. A vulnerability occurs if the AuthValue is identified during the provisioning procedure, even if the AuthValue is selected randomly. This flaw allows an attacker to identify the AuthValue...
CVE-2020-26556
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment...