Lucene search
K

96 matches found

ThreatPost
ThreatPost
added 2021/04/20 8:40 p.m.199 views

Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock

The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications. The patch was...

8.5AI score0.01214EPSS
Exploits0References9
Jake Archibald's Blog
Jake Archibald's Blog
added 2020/08/07 1:0 a.m.32 views

A padlock problem

There's a difference between what the browser 🔒 means to users, vs what it means to browsers. To users, it means "the page is secure", but to the browser: The certificate dialog in Chrome …it means the "connection" is secure. This is because the security check happens as part of setting up the...

0.3AI score
Exploits0
CNVD
CNVD
added 2020/05/06 12:0 a.m.2 views

Longbrothers Digital OKLOK Code Issue Vulnerability

Longbrothers Digital Fingerprint Bluetooth Padlock FB50 and OKLOK are both products of Longbrothers Digital China.Fingerprint Bluetooth Padlock FB50 is a fingerprint round The Fingerprint Bluetooth Padlock FB50 is a fingerprint round padlock that supports fingerprint unlocking, remote unlocking...

7.5CVSS7.2AI score0.01067EPSS
Exploits1References1
CNVD
CNVD
added 2020/05/06 12:0 a.m.4 views

Longbrothers Digital OKLOK Access Gain Vulnerability

Longbrothers Digital Fingerprint Bluetooth Padlock FB50 and OKLOK are both products of Longbrothers Digital China.Fingerprint Bluetooth Padlock FB50 is a fingerprint round The Fingerprint Bluetooth Padlock FB50 is a fingerprint round padlock that supports fingerprint unlocking, remote unlocking...

9.8CVSS7.3AI score0.01654EPSS
Exploits1References1
CNVD
CNVD
added 2020/05/06 12:0 a.m.6 views

Longbrothers Digital OKLOK Information Disclosure Vulnerability

Longbrothers Digital Fingerprint Bluetooth Padlock FB50 and OKLOK are both products of Longbrothers Digital China.Fingerprint Bluetooth Padlock FB50 is a fingerprint round The Fingerprint Bluetooth Padlock FB50 is a fingerprint round padlock that supports fingerprint unlocking, remote unlocking...

5.3CVSS6.6AI score0.00972EPSS
Exploits1References1
NVD
NVD
added 2020/05/04 2:15 p.m.20 views

CVE-2020-10876

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute...

7.5CVSS7.6AI score0.01067EPSS
Exploits1References2
NVD
NVD
added 2020/05/04 2:15 p.m.26 views

CVE-2020-8791

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary...

6.5CVSS6.5AI score0.01022EPSS
Exploits1References1
NVD
NVD
added 2020/05/04 2:15 p.m.16 views

CVE-2020-8790

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack...

9.8CVSS9.6AI score0.01654EPSS
Exploits1References1
OSV
OSV
added 2020/05/04 2:15 p.m.4 views

CVE-2020-8790

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack...

9.8CVSS5.8AI score0.01654EPSS
Exploits1References1
NVD
NVD
added 2020/05/04 2:15 p.m.25 views

CVE-2020-8792

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid...

5.3CVSS5.4AI score0.00972EPSS
Exploits1References1
Prion
Prion
added 2020/05/04 2:15 p.m.19 views

Code injection

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute...

5CVSS7.6AI score0.01067EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2020/05/04 2:15 p.m.17 views

Design/Logic Flaw

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack...

7.5CVSS9.5AI score0.01654EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/05/04 2:15 p.m.14 views

Code injection

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid...

5CVSS5.4AI score0.00972EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/05/04 1:34 p.m.42 views

CVE-2020-8792

The CVE-2020-8792 entry concerns the OKLOK 3.1.1 mobile companion app for the Fingerprint Bluetooth Padlock FB50 (2.3), where an information-disclosure flaw allows an attacker to learn arbitrary users’ emails and lock names by supplying valid, guessable barcodes through the app interface. Technic...

5.3CVSS5.3AI score0.00972EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/05/04 1:22 p.m.40 views

CVE-2020-8791

The CVE-2020-8791 entry covers the OKLOK ecosystem (OKLOK 3.1.1 mobile app for the Fingerprint Bluetooth Padlock FB50 2.3). The vulnerability is an IDOR flaw allowing an authenticated but unauthorized token to perform API requests on behalf of arbitrary user IDs, enabling exposure of user data su...

6.5CVSS6.5AI score0.01022EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/05/04 1:18 p.m.51 views

CVE-2020-8790

The CVE-2020-8790 entry concerns the OKLOK 3.1.1 mobile app for the Fingerprint Bluetooth Padlock FB50 (2.3). The root cause described across connected sources is weak password requirements combined with insufficient restriction of repeated authentication attempts, enabling a remote attacker to b...

9.8CVSS9.5AI score0.01654EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/05/04 1:18 p.m.23 views

CVE-2020-8790

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack...

9.6AI score0.01654EPSS
Exploits1References1
CVE
CVE
added 2020/05/04 1:9 p.m.41 views

CVE-2020-10876

The CVE concerns the OKLOK mobile companion app (version 3.1.1) for Fingerprint Bluetooth Padlock FB50 (2.3). Root cause: timeout not implemented and verification attempt limits are not properly enforced on the four-digit code used to reset passwords. Impact: attacker can brute‑force the code to ...

7.5CVSS7.6AI score0.01067EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/05/04 1:9 p.m.22 views

CVE-2020-10876

The OKLOK 3.1.1 mobile companion app for Fingerprint Bluetooth Padlock FB50 2.3 does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute...

7.7AI score0.01067EPSS
Exploits1References2
CNVD
CNVD
added 2020/03/06 12:0 a.m.2 views

Unauthorized Access Vulnerability in O1 Smart Padlock of Shenzhen IOT Lock Technology Co.

O1 smart padlock produced by Shenzhen IOT Lock Technology Co., Ltd. is a smart lock that can be unlocked via Bluetooth using cell phone APP. Ltd. O1 smart padlock has an unauthorized access vulnerability that can be exploited by an attacker to remotely unlock the lock by replaying the user's unlo...

6.8AI score
Exploits0
Rows per page
Query Builder