PT-2023-24957 · Showmojo · Showmojo Mojobox Digital Lockbox

Lockpickinglawyer · Published 2023-07-20 · Updated 2023-07-28 · CVE-2023-34625

CVSS v3.1

8.1 High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

ShowMojo MojoBox Digital Lockbox version 1.4

Description

The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user can intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed can obtain the latest BLE messages via the app logs and use them for opening the lock.

Recommendations

For ShowMojo MojoBox Digital Lockbox version 1.4, consider disabling the BLE lock opening mechanism until a patch is available. Restrict access to the app logs to minimize the risk of exploitation. Avoid using the Android app to open the lock until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
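
The replay weakness described above, shown as an added example in a generic model (this is not ShowMojo's code or protocol, which this entry does not describe): a lock that accepts a fixed unlock message beside one that binds each unlock to a fresh, single-use nonce. The key, the `unlock` command bytes, the HMAC-SHA256 construction and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # constructed shared secret, not a real device value

def tag(key, nonce=b""):
    """MAC over the unlock command, optionally bound to a nonce."""
    return hmac.new(key, b"unlock" + nonce, hashlib.sha256).digest()

class StaticLock:
    """Flawed pattern: the valid unlock message is the same every time."""
    def __init__(self, key):
        self._key = key

    def unlock(self, message):
        return hmac.compare_digest(message, tag(self._key))

class ChallengeLock:
    """Hardened pattern: every unlock must answer a fresh, single-use nonce."""
    def __init__(self, key):
        self._key = key
        self._nonce = None

    def challenge(self):
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def unlock(self, response):
        if self._nonce is None:
            return False  # no outstanding challenge to answer
        expected = tag(self._key, self._nonce)
        self._nonce = None  # consume the nonce whether or not the response matched
        return hmac.compare_digest(response, expected)

def replay_outcomes():
    """Return (static replay accepted, first use accepted, nonce-bound replay accepted)."""
    static = StaticLock(KEY)
    captured = tag(KEY)  # the legitimate message, recorded once
    static.unlock(captured)
    static_replay = static.unlock(captured)  # the same bytes work again

    lock = ChallengeLock(KEY)
    recorded = tag(KEY, lock.challenge())  # legitimate response to the first nonce
    first_use = lock.unlock(recorded)
    lock.challenge()  # the next session gets a different nonce
    challenge_replay = lock.unlock(recorded)  # the old response no longer matches
    return static_replay, first_use, challenge_replay
```

In this model a response recovered later from a log is as stale as one captured over the air, because it is only valid for the nonce it answered.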

Related Identifiers

CVE-2023-34625

Affected Products

Android
Showmojo Mojobox Digital Lockbox