QwikSec

Security Database

CVE

CWE

Training

CVE-2020-26556

Published: May 24, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_CERT-VN

https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security/

x_refsource_MISC

https://kb.cert.org/vuls/id/799380

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.