CVE-2020-12857 - Incomplete Cleanup vulnerability in Health Covidsafe 1.0.11/1.0.16/1.0.17

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
CWE-459

Summary

Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.

Vulnerable Configurations

Part         Description  Count
Application  Health       4

Common Weakness Enumeration (CWE)