14 matches found
CVE-2020-8790
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack...
MEGAFEIS DBD+ 安全漏洞
MEGAFEIS DBD+ is a smart fingerprint Bluetooth padlock from MEGAFEIS. A security vulnerability exists in MEGAFEIS DBD+ v1.4.4, which can be exploited by attackers to access sensitive account information...
Longbrothers Digital OKLOK Information Disclosure Vulnerability
Longbrothers Digital Fingerprint Bluetooth Padlock FB50 and OKLOK are both products of Longbrothers Digital China.Fingerprint Bluetooth Padlock FB50 is a fingerprint round The Fingerprint Bluetooth Padlock FB50 is a fingerprint round padlock that supports fingerprint unlocking, remote unlocking...
CVE-2020-8791
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary...
CVE-2020-8790
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack...
CVE-2020-8792
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid...
CVE-2020-10876
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute...
Design/Logic Flaw
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack...
Code injection
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute...
Code injection
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid...
CVE-2020-8792
The CVE-2020-8792 entry concerns the OKLOK 3.1.1 mobile companion app for the Fingerprint Bluetooth Padlock FB50 (2.3), where an information-disclosure flaw allows an attacker to learn arbitrary users’ emails and lock names by supplying valid, guessable barcodes through the app interface. Technic...
CVE-2020-8790
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack...
CVE-2020-10876
The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute...
CVE-2020-10876
The CVE concerns the OKLOK mobile companion app (version 3.1.1) for Fingerprint Bluetooth Padlock FB50 (2.3). Root cause: timeout not implemented and verification attempt limits are not properly enforced on the four-digit code used to reset passwords. Impact: attacker can brute‑force the code to ...