CVE-2020-12856

Published: May 18, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.

Affected (6)

Products: Alberta: Abtracetogether · Health: Covidsafe · Tracetogether: Tracetogether

1 product

Abtracetogether

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Alberta Abtracetogether	All versions
Alberta Abtracetogether	All versions
Health Covidsafe	Up to 1.0.17
Health Covidsafe	All versions
Tracetogether Tracetogether	All versions
Tracetogether Tracetogether	All versions

References (6)

https://covidsafe.watch/issue-register/cve-2020-12856-long-term-tracking-and-possibly-enables-other-bluetooth-based-attack-vectors

Source: cve@mitre.org

Third Party Advisory

https://docs.google.com/document/d/1u5a5ersKBH6eG362atALrzuXo3zuZ70qrGomWVEC27U/edit?usp=sharing

Source: cve@mitre.org

Third Party Advisory

https://github.com/alwentiu/COVIDSafe-CVE-2020-12856/blob/master/README.md

Source: cve@mitre.org

Third Party Advisory

https://covidsafe.watch/issue-register/cve-2020-12856-long-term-tracking-and-possibly-enables-other-bluetooth-based-attack-vectors

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://docs.google.com/document/d/1u5a5ersKBH6eG362atALrzuXo3zuZ70qrGomWVEC27U/edit?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/alwentiu/COVIDSafe-CVE-2020-12856/blob/master/README.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.