Authentication Bypass by Spoofing

CVE-2020-10135

Medium

4.8/10

Summary

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.

Access Complexity: LOW
AccessVector: ADJACENT_NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-290 - Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

Advisory Timeline

Published May 19, 2020

Authentication Bypass by Spoofing

CVE-2020-10135

Summary

CWE-290 - Authentication Bypass by Spoofing

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS