1. Pairing Protocol Vulnerability: Missing Nonce in Signed Binding Message Opens Door to Session Replay Attack
A cryptographic flaw in a pairing protocol's binding message creates a narrow but real risk of session replay attacks. The protocol's signed binding message, which covers the short code and both ephemeral public keys, lacks a nonce or session identifier. This omission means an attacker who captures a valid `PairingResp...