QwikSec

Security Database

CVE

CWE

Training

CVE-2020-24721

Published: Sep 30, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the persistent state of a private framework.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://blog.google/inside-google/company-announcements/update-exposure-notifications

x_refsource_MISC

https://github.com/minvws/nl-covid19-notification-app-coordination/blob/master/CVEs/CVE-2020-24721.txt

x_refsource_MISC

FULLDISC: 20200929 CVE-2020-24721: Corona Exposure Notifications API: risk of coercion/data leakage [vs]

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/159419/Corona-Exposure-Notifications-API-Data-Leakage.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.