VYPR
Vendor

OKLOK

Products
2
CVEs
4
Across products
5
Status
Private

Products

2

Recent CVEs

4
  • CVE-2020-8790CriMay 4, 2020
    risk 0.64cvss 9.8epss 0.02

    The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a…

  • CVE-2020-10876HigMay 4, 2020
    risk 0.49cvss 7.5epss 0.01

    The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows…

  • CVE-2020-8791MedMay 4, 2020
    risk 0.42cvss 6.5epss 0.01

    The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests…

  • CVE-2020-8792MedMay 4, 2020
    risk 0.35cvss 5.3epss 0.01

    The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the…