CVE-2020-26556
N/A
N/A
Summary
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
- https://kb.cert.org/vuls/id/799380
References
- https://www.kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/
- https://kb.cert.org/vuls/id/799380
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.