N/A

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time.

N/A

N/A

Bluetooth Core Specification授权问题漏洞

Bluetooth Core Specification是一个规范。定义了开发人员用来创建构成蓬勃发展的蓝牙生态系统的可互操作设备的技术构建块。由蓝牙特别兴趣小组（SIG）监督，并由蓝牙SIG工作组 定期更新和增强，以满足不断发展的技术和市场需求。 Bluetooth Core Specification 2.1 版本至5.2版本存在授权问题漏洞，该漏洞源于Bluetooth LE and BR/EDR 的安全配对，攻击者可利用该漏洞使用配对会话的正确Passkey与响应设备完成身份验证配对。

N/A

N/A