CVE-2020-8791

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary user IDs. Valid and current user IDs are trivial to guess because of the user ID assignment convention used by the app. A remote attacker could harvest email addresses, unsalted MD5 password hashes, owner-assigned lock names, and owner-assigned fingerprint names for any range of arbitrary user IDs.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/fierceoj/ownklok	Exploit Third Party Advisory
https://github.com/fierceoj/ownklok	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oklok_project:oklok:3.1.1:*:*:*:*:iphone_os:*:*

History

21 Nov 2024, 05:39

Type	Values Removed	Values Added
References	~~() https://github.com/fierceoj/ownklok - Exploit, Third Party Advisory~~	() https://github.com/fierceoj/ownklok - Exploit, Third Party Advisory

Information

Published : 2020-05-04 14:15

Updated : 2024-11-21 05:39

NVD link : CVE-2020-8791

Mitre link : CVE-2020-8791

CVE.ORG link : CVE-2020-8791

JSON object : View

Products Affected

oklok_project

oklok

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2020-8791", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-05-04T14:15:13.527", "references": [{"url": "https://github.com/fierceoj/ownklok", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/fierceoj/ownklok", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary user IDs. Valid and current user IDs are trivial to guess because of the user ID assignment convention used by the app. A remote attacker could harvest email addresses, unsalted MD5 password hashes, owner-assigned lock names, and owner-assigned fingerprint names for any range of arbitrary user IDs."}, {"lang": "es", "value": "La aplicaci\u00f3n m\u00f3vil complementaria OKLOK (versi\u00f3n 3.1.1) para el Fingerprint Bluetooth Padlock FB50 (versi\u00f3n 2.3), permite a atacantes remotos enviar peticiones de la API usando tokens autenticados pero no autorizados, resultando en problemas de IDOR. Un atacante remoto puede usar su propio token para hacer peticiones de la API no autorizadas en nombre de IDORs de usuario arbitrarios. Los ID de usuario v\u00e1lidos y actuales son triviales de adivinar debido a la convenci\u00f3n de asignaci\u00f3n de ID de usuario usada por la aplicaci\u00f3n. Un atacante remoto podr\u00eda recolectar direcciones de correo electr\u00f3nico, hashes de contrase\u00f1as MD5 sin sal, nombres de candados asignados por el propietario y nombres de huellas dactilares asignados por el propietario para cualquier rango de ID de usuario arbitrarios."}], "lastModified": "2024-11-21T05:39:26.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oklok_project:oklok:3.1.1:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "BD4A4E73-78DE-4A92-B729-F425AF47CDEB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}