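Computer Attack and Defense Practice, Project 2: CVE Analysis. CVE Analysis 1: CVE-2006-3146. DoS attack (Denial of Service attack): uses attack methods to exhaust the target device's resources or bandwidth, so that other users cannot use the services the target device provides; if it is carried out by two or more attacking computers, it is called a DDoS attack (distributed denial-of-service attack). Equipment used: infrared Bluetooth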
Devices supporting Bluetooth prior to 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.
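An added example (not from the advisory or from any Bluetooth stack): a model of a host bond store that refuses the overwrite described above, where a key produced by Cross Transport Key Derivation is unauthenticated or weaker than the bond already held for that transport. The `Bond` and `BondStore` types, the use of key size as an entropy proxy, and the peer address are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Bond:
    transport: str          # "LE" or "BR/EDR": the transport this key protects
    authenticated: bool     # True if the pairing that produced it was authenticated
    key_size: int           # key size in bytes, used here as an entropy proxy
    via_ctkd: bool = False  # True if derived from a pairing on the other transport

def downgrade_reason(old: Bond, new: Bond) -> Optional[str]:
    """Return why `new` must not replace `old`, or None if it may."""
    if old.authenticated and not new.authenticated:
        return "unauthenticated key would replace an authenticated key"
    if new.key_size < old.key_size:
        return "lower-entropy key would replace a stronger key"
    return None

class BondStore:
    """Hypothetical host bond database keyed by (peer address, transport)."""
    def __init__(self) -> None:
        self._bonds: Dict[Tuple[str, str], Bond] = {}
        self.rejections: List[Tuple[str, str, str]] = []  # audit trail for detection

    def get(self, peer: str, transport: str) -> Optional[Bond]:
        return self._bonds.get((peer, transport))

    def store(self, peer: str, new: Bond) -> bool:
        old = self.get(peer, new.transport)
        if old is not None and new.via_ctkd:
            reason = downgrade_reason(old, new)
            if reason:
                self.rejections.append((peer, new.transport, reason))
                return False  # keep the existing bond untouched
        self._bonds[(peer, new.transport)] = new
        return True

def demo():
    store, peer = BondStore(), "AA:BB:CC:DD:EE:FF"  # constructed peer address
    store.store(peer, Bond("BR/EDR", authenticated=True, key_size=16))
    # CTKD output from LE pairings, aimed at the existing BR/EDR bond:
    unauth = store.store(peer, Bond("BR/EDR", False, 16, via_ctkd=True))
    weak = store.store(peer, Bond("BR/EDR", True, 7, via_ctkd=True))
    equal = store.store(peer, Bond("BR/EDR", True, 16, via_ctkd=True))
    return unauth, weak, equal, store

if __name__ == "__main__":
    print(demo()[:3], demo()[3].rejections)
```

The `rejections` list doubles as a detection signal: a rejected CTKD write against an existing authenticated bond is worth logging on the host.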
Vulnerable Product |
---|
bluetooth bluetooth core specification |
BORKlife! Flaw allows overwriting of keys by the habitual voyeur
The Bluetooth Special Interest Group has admitted some previous iterations of its technology had a flaw that could be exploited to hijack or eavesdrop on nearby connections. Named BLURtooth, aka CVE-2020-15802, the flaw was present in the Bluetooth BR/EDR (Bluetooth Basic Rate/Enhanced Data Rate) from specification version 4.2 to 5.0. The latest version of the Bluetooth spec is 5.2. Version 4.2 debuted in December 2014 and version 5.0 came along two years later. In 2015 alone the world was crank...