Device Model Identification Vulnerability in OpenTrace/BlueTrace Protocol in COVIDSafe v1.0.17

Device Model Identification Vulnerability in OpenTrace/BlueTrace Protocol in COVIDSafe v1.0.17

CVE-2020-12859 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations.

Learn more about our Web Application Penetration Testing UK.