CVE-2020-10876
- EPSS 0.21%
- Veröffentlicht 04.05.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 04:56:16
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verific...
CVE-2020-8790
- EPSS 1.04%
- Veröffentlicht 04.05.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:39:26
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentia...
CVE-2020-8791
- EPSS 0.33%
- Veröffentlicht 04.05.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:39:26
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to mak...
CVE-2020-8792
- EPSS 0.23%
- Veröffentlicht 04.05.2020 14:15:13
- Zuletzt bearbeitet 21.11.2024 05:39:26
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the loc...