Opentrace · Opentrace · CVE-2020-11872
**Name of the Vulnerable Software and Affected Versions**
OpenTrace version 1.0
**Description**
The issue in OpenTrace's Cloud Functions subsystem could potentially allow fabrication attacks. This is possible by making a large number of TempID requests before the rotation of an AES-256-GCM key occurs.
**Recommendations**
For OpenTrace version 1.0, consider implementing a rate limit on TempID requests to minimize the risk of fabrication attacks until a more permanent fix is available.