Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is "We do not believe that TX power authentication would be a useful defense against relay attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GAEN 协议安全漏洞
Vulnerability Description
GAEN是一个隐私保护的接触者追踪项目,由Apple和Google共同开发的框架和协议规范,用于促进COVID-19大流行期间的数字接触者追踪。 GAEN 协议存在安全漏洞,该漏洞源于加密的元数据块TX价值缺乏一个校验和,允许bitflipping扩大污染攻击。这可能会导致元数据deanonymization和风险分数膨胀。
CVSS Information
N/A
Vulnerability Type
N/A