PT-2020-20280 · Oklok · Oklok Mobile Companion App+1

Published

2020-05-04

Updated

2021-07-21

CVE-2020-8790

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OKLOK mobile companion app version 3.1.1 Fingerprint Bluetooth Padlock FB50 version 2.3

Description The issue is related to weak password requirements and improper restriction of excessive authentication attempts. This could allow a remote attacker to discover user credentials and obtain access via a brute force attack.

Recommendations For OKLOK mobile companion app version 3.1.1, consider implementing stronger password requirements and proper restriction of excessive authentication attempts to prevent brute force attacks. For Fingerprint Bluetooth Padlock FB50 version 2.3, restrict access to the device until the issue is resolved, and ensure that authentication mechanisms are properly secured to prevent unauthorized access.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307CWE-521

Related Identifiers

CVE-2020-8790

Affected Products

Fingerprint Bluetooth Padlock Fb50

Oklok Mobile Companion App

PT-2020-20280 · Oklok · Oklok Mobile Companion App+1

CVE-2020-8790

Weakness Enumeration

Related Identifiers

Affected Products

References · 4