CVE-2023-34625

Published: Jul 20, 2023

Modified: Oct 30, 2024

PUBLISHED

Description

ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed, can obtain the latest BLE messages via the app logs and use them for opening the lock.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.whid.ninja/blog/mojobox-yet-another-not-so-smartlock

https://mandomat.github.io/2023-03-15-testing-mojobox-security/

https://packetstormsecurity.com/2307-exploits/mojobox14-replay.txt

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-34625

Description

Affected Products

References