PT-2020-13304 · Australian Government · Covidsafe

Published 2020-05-18 · Updated 2020-05-20 · CVE-2020-12859

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
COVIDSafe versions through v1.0.17

Description
The BlueTrace/OpenTrace exchange that COVIDSafe performs over Bluetooth LE carries the handset model in a cleartext payload field. A remote attacker able to observe that exchange can read the field and identify the device model. Because the model string stays constant while the protocol's temporary contact IDs rotate, this enables re-identification of devices over time, particularly for less common phone models or in low-density situations where only a few devices are present.

Recommendations
For COVIDSafe versions through v1.0.17, update to a version later than v1.0.17. There is no effective user-side workaround: the model field is sent in cleartext to any Bluetooth peer that completes the exchange, so only an updated app that no longer exposes an identifying model value resolves the issue.
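The following is an added example, not code from COVIDSafe, OpenTrace or this advisory's source. It shows why a cleartext model string is re-identifying: across a window of captured exchange payloads, each rotating temporary ID is mapped to its model, and any model seen only once uniquely tags that device. The field names id, o, v, mc and mp follow the published OpenTrace protocol but are assumptions here, and the captured payloads are constructed for the example.

```python
"""Re-identification from the cleartext model field in BlueTrace-style payloads.

Added example for CVE-2020-12859; not COVIDSafe or OpenTrace code. Field names
(id = temporary ID, o = organisation, v = version, mc/mp = model of the
central/peripheral side) are assumed from the OpenTrace protocol; the sample
payloads below are constructed.
"""
import json
from collections import Counter

# Constructed payloads as a passive BLE observer might capture them over a
# short window. Temporary IDs rotate, but the model string does not.
CAPTURED_PAYLOADS = [
    '{"id":"tid-a1","o":"AU_DTA","v":2,"mp":"iPhone 11"}',
    '{"id":"tid-b2","o":"AU_DTA","v":2,"mp":"iPhone 11"}',
    '{"id":"tid-c3","o":"AU_DTA","v":2,"mp":"SM-G973F"}',
    '{"id":"tid-d4","o":"AU_DTA","v":2,"mc":"Pixel 3a","rs":-70}',
    '{"id":"tid-e5","o":"AU_DTA","v":2,"mp":"iPhone 11"}',
]

# Assumed model field names: central writes "mc", peripheral serves "mp".
MODEL_FIELDS = ("mc", "mp")


def parse_payload(payload: str):
    """Parse one exchange payload; return the dict, or None if it is not JSON."""
    try:
        data = json.loads(payload)
    except json.JSONDecodeError:
        return None
    return data if isinstance(data, dict) else None


def extract_model(payload: str):
    """Return the cleartext device model carried in a payload, or None."""
    data = parse_payload(payload)
    if data is None:
        return None
    for field in MODEL_FIELDS:
        value = data.get(field)
        if isinstance(value, str) and value:
            return value
    return None


def model_anonymity(payloads):
    """Map each temporary ID to (model, anonymity set size).

    The anonymity set size is the number of observed IDs sharing that model in
    the window. A size of 1 means the model alone singles the device out, even
    though its temporary ID keeps changing. Payloads with no model get size 0.
    """
    models = {}
    for p in payloads:
        data = parse_payload(p)
        if data is None or "id" not in data:
            continue  # unparseable or malformed payload: nothing to correlate
        models[data["id"]] = extract_model(p)
    counts = Counter(m for m in models.values() if m is not None)
    return {tid: (m, counts[m] if m is not None else 0) for tid, m in models.items()}


def uniquely_identifiable(payloads):
    """Temporary IDs whose cleartext model is unique in the observation window."""
    return sorted(tid for tid, (_, n) in model_anonymity(payloads).items() if n == 1)


def leaks_model(payload: str) -> bool:
    """Check one payload: any non-empty model value is treated as a leak.

    A fixed build should produce payloads for which this returns False.
    """
    return extract_model(payload) is not None


if __name__ == "__main__":
    for tid, (model, size) in model_anonymity(CAPTURED_PAYLOADS).items():
        print(f"{tid}: model={model!r} anonymity_set={size}")
    print("uniquely identifiable:", uniquely_identifiable(CAPTURED_PAYLOADS))
```

In the constructed window the three iPhone 11 observations are indistinguishable from one another, whereas the two rarer models each single out one device, which is the "less common phone models or low-density situations" case in the description. The same check applied to payloads from a fixed build should report no model at all.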

Weakness Enumeration

Cleartext Storage of Sensitive Information (CWE-312)

Related Identifiers

CVE-2020-12859

Affected Products

Covidsafe