Vulnerability Details CVE-2020-10876
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-10876
-
cpe:2.3:a:oklok_project:oklok:3.1.1
-
cpe:2.3:h:mica:fingerprint_bluetooth_padlock_fb50:-