mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
b3d5ed3a03
This commit fixes 'Impersonation in Passkey entry protocol' (CVE-2020-26558) and suggests fixes for other vulnerabilites like 'Impersonation in the Pin Pairing Protocol' (CVE-2020-26555) and 'Authentication of the LE Legacy Pairing Protocol' CVE-2020-26558 can be easily implemented if the peer device can impersonate our public key. This commit adds a check by comparing our and received public key and returns failed pairing if keys are same. This commit also adds comments suggesting to use secure connection when supported by all devices. |
||
---|---|---|
.. | ||
bluedroid | ||
nimble |