6 matches found
EUVD-2022-30476
Malicious code in bioql PyPI...
The vulnerability in the implementation of Secure Connections Pairing and Secure Simple Pairing according to the Bluetooth Core Specification allows a attacker to carry out a “man-in-the-middle” attack.
The vulnerability of the Secure Connections Pairing and Secure Simple Pairing implementations in the Bluetooth Core Specification relates to the retrieval of session keys upon accessing a channel from a non-endpoint. Exploiting this vulnerability could allow an attacker to carry out a...
CVE-2022-25836
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing...
CVE-2020-10135 Bluetooth devices supporting BR/EDR v5.2 and earlier are vulnerable to impersonation attacks
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth...
CVE-2019-19194
The Bluetooth Low Energy Secure Manager Protocol SMP implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key LTK if an out-of-order link-layer encryption request...
Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
Overview Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Description CWE-325: Missi...