CVE-2020-12858

Severity CVSS v4.0:
Pending analysis
Type:
CWE-330 Use of Insufficiently Random Value
Publication date:
18/05/2020
Last modified:
21/07/2021

Description

Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:health:covidsafe:*:*:*:*:*:android:*:* 1.0.17 (excluding)