CVE-2020-8790 : What You Need to Know

Discover how CVE-2020-8790 exposes weak password requirements in the OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3), enabling unauthorized access via brute force.

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, potentially allowing a remote attacker to discover user credentials through brute force.

Understanding CVE-2020-8790

This CVE identifies a security vulnerability in the OKLOK mobile companion app for the Fingerprint Bluetooth Padlock FB50.

What is CVE-2020-8790?

The vulnerability arises from weak password requirements and inadequate restrictions on authentication attempts, enabling attackers to exploit the app's authentication process.

The Impact of CVE-2020-8790

The vulnerability could lead to unauthorized access to the padlock, compromising user security and privacy.

Technical Details of CVE-2020-8790

The following details provide a deeper insight into the technical aspects of this CVE.

Vulnerability Description

The weak password requirements and lack of proper restrictions on authentication attempts in the OKLOK mobile app create a security gap exploitable by attackers.

Affected Systems and Versions

        OKLOK mobile companion app version 3.1.1
        Fingerprint Bluetooth Padlock FB50 version 2.3

Exploitation Mechanism

Attackers can leverage brute force techniques to uncover user credentials and gain unauthorized access to the padlock.

Mitigation and Prevention

Protecting against CVE-2020-8790 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Update the OKLOK app and the padlock firmware to the latest versions.
        Implement strong, unique passwords for the app and padlock.
        Monitor authentication attempts for unusual patterns.
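
One way to monitor authentication attempts for the brute-force pattern described above, as an added example that is not from the original page or the OKLOK vendor: it flags accounts with more than five failed logins inside 60 seconds and records whether a successful login followed the burst. The log layout, thresholds, account names and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_events():
    """Constructed log lines in an assumed 'ISO-timestamp account source result' layout."""
    t0 = datetime(2020, 5, 1, 9, 0, 0)
    # Eight rapid failures against one account, then a success: the pattern to catch.
    lines = [f"{(t0 + timedelta(seconds=5 * i)).isoformat()} bob@example.com 198.51.100.7 FAIL"
             for i in range(8)]
    lines.append(f"{(t0 + timedelta(seconds=40)).isoformat()} bob@example.com 198.51.100.7 OK")
    # A user who mistypes twice, minutes apart, then logs in: must not alert.
    for minute, result in ((0, "FAIL"), (3, "FAIL"), (4, "OK")):
        stamp = (t0 + timedelta(minutes=minute)).isoformat()
        lines.append(f"{stamp} alice@example.com 203.0.113.9 {result}")
    return sorted(lines)  # ISO timestamps sort chronologically as text


def detect(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return {account: {"first_alert": datetime, "success_after": bool}}.

    An account alerts when more than max_failures failed logins fall inside
    the sliding window. success_after is set when a successful login arrives
    while failures from the burst are still inside the window, which is the
    case to escalate as a likely credential compromise.
    """
    recent = defaultdict(deque)  # account -> failure timestamps still in the window
    alerts = {}
    for line in lines:
        ts_text, account, _source, result = line.split()
        ts = datetime.fromisoformat(ts_text)
        fails = recent[account]
        while fails and ts - fails[0] > window:
            fails.popleft()  # drop failures that have aged out of the window
        if result == "FAIL":
            fails.append(ts)
            if len(fails) > max_failures and account not in alerts:
                alerts[account] = {"first_alert": ts, "success_after": False}
        elif result == "OK" and account in alerts and fails:
            alerts[account]["success_after"] = True
    return alerts


if __name__ == "__main__":
    for account, info in detect(sample_events()).items():
        print(account, info["first_alert"].isoformat(), info["success_after"])
```

The same sliding-window count can drive enforcement (a temporary lockout or forced delay once the threshold is crossed) rather than only alerting.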

Long-Term Security Practices

        Regularly review and enhance password policies.
        Conduct security assessments and penetration testing on the app and padlock.

Patching and Updates

        Stay informed about security updates for the OKLOK app and the padlock.