Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary temporary UID. An attacker with access to Beacon or IoT networks can seamlessly track individual device movement via a Bluetooth LE discovery mechanism.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
Apple/Google Exposure Notification API 信息泄露漏洞
Vulnerability Description
Apple/Google Exposure Notification API是一款针对流行性疾病的联系人跟踪调查应用程序。 Apple/Google Exposure Notification API beta 2020-05-29及之前版本中存在信息泄露漏洞。攻击者可借助滚动近距离标识符(Rolling Proximity Identifier)利用该漏洞绕过Bluetooth Smart隐私保护和通过蓝牙LE发现机制无缝跟踪单个设备的位置。
CVSS Information
N/A
Vulnerability Type
N/A