CVE-2020-10876 - Improper Restriction of Excessive Authentication Attempts vulnerability in Oklok Project Oklok 3.1.1

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
CWE-307

Summary

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account.

Vulnerable Configurations

Part         Description     Count
Application  Oklok_Project   1
Hardware     Mica            1