Oklok@3.1.1 Security Vulnerabilities and Issues — Oklok@3.1.1 CVE List

Lucene search

Oklok ProjectOklok3.1.1

4 matches found

CVE•added 2020/05/04 2:15 p.m.•38 views

CVE-2020-8790

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack.

9.8CVSS9.5AI score0.01043EPSS

CVE•added 2020/05/04 2:15 p.m.•30 views

CVE-2020-8792

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Vali...

5.3CVSS5.3AI score0.00232EPSS

CVE•added 2020/05/04 2:15 p.m.•29 views

CVE-2020-10876

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute ...

7.5CVSS7.6AI score0.00206EPSS

CVE•added 2020/05/04 2:15 p.m.•28 views

CVE-2020-8791

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrar...

6.5CVSS6.5AI score0.00333EPSS