PT-2020-13302 · Australian Government · Covidsafe
Published
2020-05-18
·
Updated
2021-07-21
·
CVE-2020-12857
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
COVIDSafe versions 1.0.15 through 1.0.16
Description
The issue allows a remote attacker to long-term re-identify an Android device running COVIDSafe due to the caching of GATT characteristic values (TempID).
Recommendations
For COVIDSafe versions 1.0.15 and 1.0.16, consider disabling the caching of GATT characteristic values as a temporary workaround until a patch is available.
Restrict access to the TempID to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Covidsafe