Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-05-18T04:16:00
Updated: 2024-08-04T12:04:22.881Z
Reserved: 2020-05-14T00:00:00
Link: CVE-2020-12859
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-05-18T05:15:14.497
Modified: 2020-05-20T19:08:14.703
Link: CVE-2020-12859
Redhat
No data.