Kerry Enfinger

**Name of the Vulnerable Software and Affected Versions** Tzumi Electronics Klic Lock application version 1.0.9 Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2 **Description** The issue allows attackers to bypass authentication in website post requests, enabling them to access resources that would otherwise require proper authentication. This can be achieved through capture-replay by physically proximate attackers, potentially leading to unauthorized access to the Tzumi Electronics Klic Smart Padlock. **Recommendations** For Tzumi Electronics Klic Lock application version 1.0.9, update the application to a version that addresses the authentication bypass issue. For Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2, update the firmware to a version that resolves the vulnerability.