Vulnerabilities

CVE-2020-24722: GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues

October 6, 2020

Posted by Stefan Marsiske via Fulldisclosure on Oct 06

GAEN Protocol Metadata Deanonymization and Risk-score Inflation Issues (CVE-2020-24722)

Summary

The TX Power value in the metadata in the beacon of the GAEN protocol
used by the corona/contact tracing app allows for attackers to
influence risk-score calculations in their favor, the same metadata
can also be used to deanonymize diagnosed users based on the type of
phone they are using.

Intro: GAEN Metadata in a nutshell

The beacon sent out by…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Original Source

Tags: cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

[OBSCURA] – Ransomware Victim: Thompson Dorfman Sweatman

October 30, 2025

[QILIN] – Ransomware Victim: Center for Neuropsychology Learning and Development

October 30, 2025

[SINOBI] – Ransomware Victim: Post Ranch Inn

October 30, 2025

CVE Alert: CVE-2025-24893 – xwiki – xwiki-platform

October 30, 2025

CVE Alert: CVE-2025-41244 – VMware – VCF operations

October 30, 2025

Original Source

You may have missed

[OBSCURA] – Ransomware Victim: Thompson Dorfman Sweatman

[QILIN] – Ransomware Victim: Center for Neuropsychology Learning and Development

[SINOBI] – Ransomware Victim: Post Ranch Inn

CVE Alert: CVE-2025-24893 – xwiki – xwiki-platform

CVE Alert: CVE-2025-41244 – VMware – VCF operations