Vulnerability: Brute-Force Attack on Insufficiently Random AuthValue in Bluetooth Mesh Provisioning

Vulnerability: Brute-Force Attack on Insufficiently Random AuthValue in Bluetooth Mesh Provisioning

CVE-2020-26556 · HIGH Severity

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.

Learn more about our Web Application Penetration Testing UK.