CVE-2024-29916 Information

Description

The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards if the attacker has obtained one active or expired keycard for the specific property aka the �nsaflok\ issue. This occurs in part because the key derivation function relies only on a UID. This affects for example Saflok MT and the Confidant Quantum RT and Saffire series.

Reference

https://unsaflok.com https://news.ycombinator.com/item?id=39779291 https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/