Severity by source
AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.
AnalysisAI
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone. Affected products include: Health Covidsafe. Version information: through 1.0.21.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Andro
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can h
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today