PT-2023-20864 · Yale · Yale Keyless Lock
Alexios Mylonas
+2
·
Published
2023-12-03
·
Updated
2024-01-16
·
CVE-2023-26943
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Yale Keyless Lock version v1.0
Description
The issue is related to weak encryption mechanisms in RFID Tags, which allows attackers to create a cloned tag via physical proximity to the original.
Recommendations
For Yale Keyless Lock version v1.0, consider disabling the RFID tag functionality until a patch or fix is available to strengthen the encryption mechanisms. Restrict physical access to the lock to minimize the risk of exploitation.
Exploit
Fix
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yale Keyless Lock