CVE-2020-10876
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute...
CVE-2020-8792
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid...
CVE-2020-8790
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack...
CVE-2020-8791
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary...