esp-idf

alex/esp-idf

Fork 0

mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00

Commit Graph

Author	SHA1	Message	Date
Chinmay Chhajed	fb55f9f397	Bluedroid: Check only x component of passkey to avoid passkey impersonation attack.	2021-05-31 07:12:57 +00:00
Chinmay Chhajed	0b84a1242e	Bluedroid: Fixes for some vulnerabilities. This commit fixes 'Impersonation in Passkey entry protocol' (CVE-2020-26558) and suggests fixes for other vulnerabilites like 'Impersonation in the Pin Pairing Protocol' (CVE-2020-26555) and 'Authentication of the LE Legacy Pairing Protocol' CVE-2020-26558 can be easily implemented if the peer device can impersonate our public key. This commit adds a check by comparing our and received public key and returns failed pairing if keys are same. This commit also adds comments suggesting to use secure connection when supported by all devices.	2020-12-25 16:03:33 +05:30

Author

SHA1

Message

Date

Chinmay Chhajed

fb55f9f397

Bluedroid: Check only x component of passkey to avoid passkey impersonation attack.

2021-05-31 07:12:57 +00:00

Chinmay Chhajed

0b84a1242e

Bluedroid: Fixes for some vulnerabilities.

This commit fixes 'Impersonation in Passkey entry protocol'
(CVE-2020-26558) and suggests fixes for other vulnerabilites like
'Impersonation in the Pin Pairing Protocol' (CVE-2020-26555) and
'Authentication of the LE Legacy Pairing Protocol'

CVE-2020-26558 can be easily implemented if the peer device can
impersonate our public key. This commit adds a check by comparing our
and received public key and returns failed pairing if keys are same.

This commit also adds comments suggesting to use secure connection when
supported by all devices.

2020-12-25 16:03:33 +05:30

2 Commits