The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the…
mitre·CWE-307·Published 2020-05-04
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account.
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account.
La aplicación móvil complementaria OKLOK (versión 3.1.1) para Fingerprint Bluetooth Padlock FB50 (versión 2.3), no implementa correctamente su tiempo de espera en el código de verificación de cuatro dígitos que se requiere para restablecer las contraseñas, ni restringe apropiadamente los intentos de verificación excesiva. Esto permite a un atacante forzar bruscamente el código de verificación de cuatro dígitos para omitir la verificación de correo electrónico y cambiar la contraseña de una cuenta víctima.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.0 | 10.0 | 2.9 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| 3.1 | Primary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |