CVE-2020-12860

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name.
Configurations

Configuration 1

cpe:2.3:a:health:covidsafe:*:*:*:*:*:android:*:*
cpe:2.3:a:health:covidsafe:-:*:*:*:*:iphone_os:*:*

Information

Published : 2020-05-18 05:15

Updated : 2021-07-21 11:39


NVD link : CVE-2020-12860

Mitre link : CVE-2020-12860

Products Affected
No products.
CWE