Authentication Bypass by Spoofing

CVE-2020-27276

Medium

5.7/10

Summary

SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-290 - Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

Advisory Timeline

Published Jan 19, 2021

Authentication Bypass by Spoofing

CVE-2020-27276

Summary

CWE-290 - Authentication Bypass by Spoofing

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS