Vulnerability in dormakaba Saflok System Exposes Hotel Door Locks
CVE-2024-29916

Currently unrated

Key Information:

Vendor: dormakaba
Status: Saflok System
Vendor: CVE Published:; 21 March 2024

What is CVE-2024-29916?

The dormakaba Saflok system, prior to the November 2023 software update, is susceptible to unauthorized access, allowing an attacker to unlock doors using forged keycards. If an attacker has access to either an active or expired keycard for the property, they can exploit this vulnerability, known as the 'Unsaflok' issue. This occurs because the key derivation process relies solely on a unique identifier (UID), which can be manipulated. This vulnerability compromises security in various products, including the Saflok MT, as well as the Confidant, Quantum, RT, and Saffire series.

References

https://unsaflok.com

https://news.ycombinator.com/item?id=39779291

https://www.wired.com/story/saflok-hotel-lock-unsaflok-ha...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2024
Vulnerability Reserved
Mar 21, 2024

JSON