Vulnerabilities > Health > Covidsafe > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-18 | CVE-2020-12860 | Information Exposure vulnerability in Health Covidsafe 1.0.11/1.0.16 COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. | 5.0 |
2020-05-18 | CVE-2020-12859 | Cleartext Storage of Sensitive Information vulnerability in Health Covidsafe 1.0.11/1.0.16 Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. | 5.0 |
2020-05-18 | CVE-2020-12858 | Improper Initialization vulnerability in Health Covidsafe 1.0.11/1.0.16 Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons. | 5.0 |
2020-05-18 | CVE-2020-12857 | Information Exposure vulnerability in Health Covidsafe 1.0.11/1.0.16 Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe. | 5.0 |
2020-05-14 | CVE-2020-12717 | The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. | 6.5 |