PT-2020-13301 · Government Of Alberta+2 · Abtracetogether+2

Alwen Tiu

Published

2020-05-18

Updated

2020-11-01

CVE-2020-12856

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenTrace versions prior to 1.0.18 COVIDSafe versions prior to 1.0.18 TraceTogether versions prior to 1.0.18 ABTraceTogether versions prior to 1.0.18

Description The issue allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.

Recommendations For OpenTrace version 1.0.17 and earlier, update to version 1.0.18 or later. For COVIDSafe version 1.0.17 and earlier, update to version 1.0.18 or later. For TraceTogether version 1.0.17 and earlier, update to version 1.0.18 or later. For ABTraceTogether version 1.0.17 and earlier, update to version 1.0.18 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ASB-A-157038281

CVE-2020-12856

Affected Products

Abtracetogether

Covidsafe

Opentrace

PT-2020-13301 · Government Of Alberta+2 · Abtracetogether+2

CVE-2020-12856

Related Identifiers

Affected Products

References · 13