CVE-2024-58311
Dormakaba · Dormakaba Saflok System Multiple Products
A critical vulnerability exists in multiple Dormakaba Saflok System products that allows an attacker to create their own valid access keys.
Executive summary
A critical vulnerability exists in multiple Dormakaba Saflok System products that allows an attacker to create their own valid access keys. The system uses a predictable method to generate keys from a card's unique identifier, enabling unauthorized individuals to bypass physical security controls and gain access to secured areas. This flaw presents a severe risk of physical intrusion, theft, and compromise of sensitive environments.
Vulnerability
The vulnerability lies in a deterministic key generation algorithm within the Dormakaba Saflok System. The system creates cryptographic access keys using a predictable, simple mathematical transformation of a card's 32-bit unique identifier (UID). An attacker can obtain a card's UID (e.g., through physical access or using a nearby RFID/NFC reader) and apply the known transformation to calculate the corresponding access key, effectively allowing them to clone or create a master key without authorization.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the ease of exploitation and the potential for complete compromise of physical security. Successful exploitation could lead to unauthorized physical access to facilities, including corporate offices, server rooms, and other restricted areas. The consequences include theft of physical assets, intellectual property, and sensitive data, as well as potential harm to personnel and significant reputational damage to the organization.
Remediation
Immediate Action: The primary remediation is to apply the security updates provided by the vendor. Organizations must update all affected Dormakaba Saflok System components, including lock firmware and management software, to the latest version immediately. Following the update, closely monitor for any unusual access attempts and conduct a thorough review of historical access logs for signs of compromise.
Proactive Monitoring: Implement enhanced monitoring of physical access control systems. Specifically, look for logs showing an unusual pattern of access, such as multiple failed attempts followed by a successful entry from an unfamiliar card ID, or access events at odd hours or in locations inconsistent with employee roles. Correlate access logs with surveillance video where available to verify the identity of individuals entering sensitive areas.
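The three log patterns named above (a burst of denials followed by a grant, entry at odd hours, and a door inconsistent with the holder's role) can be checked mechanically once access events are exported. The script below is an added illustration, not part of this advisory and not vendor tooling; the log line layout, the card directory, the 07:00-20:00 business-hours window, and the three-denials-in-five-minutes threshold are all assumptions chosen for the example, and the log lines are constructed. Real Saflok management exports will need their own parser, but the checks carry over unchanged.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real Saflok output); the field layout is an assumption:
# <ISO timestamp> <card id> <door> <GRANTED|DENIED>
SAMPLE_LOG = """\
2024-05-01T09:02:11 CARD-1001 lobby GRANTED
2024-05-01T09:05:40 CARD-1002 office-2f GRANTED
2024-05-01T22:41:03 CARD-7F3A server-room DENIED
2024-05-01T22:41:19 CARD-7F3A server-room DENIED
2024-05-01T22:41:35 CARD-7F3A server-room DENIED
2024-05-01T22:42:02 CARD-7F3A server-room GRANTED
2024-05-02T03:15:44 CARD-1002 lobby GRANTED
2024-05-02T10:30:00 CARD-1003 server-room GRANTED
2024-05-02T11:00:00 CARD-1001 server-room GRANTED
"""

# Constructed card directory: card id -> (holder role, doors that role is expected to use).
KNOWN_CARDS = {
    "CARD-1001": ("reception", {"lobby"}),
    "CARD-1002": ("engineer", {"lobby", "office-2f"}),
    "CARD-1003": ("sysadmin", {"lobby", "server-room"}),
}

BUSINESS_HOURS = (7, 20)           # assumption: 07:00-19:59 local time is normal
FAIL_THRESHOLD = 3                 # denials before a following success is suspicious
FAIL_WINDOW = timedelta(minutes=5) # how far back denials count toward the burst


def parse_log(text):
    """Parse the whitespace-separated log format above into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, card, door, result = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "card": card,
            "door": door,
            "granted": result == "GRANTED",
        })
    return events


def find_anomalies(events):
    """Return (timestamp, card, door, reason) tuples for suspicious successful entries."""
    findings = []
    recent_denials = defaultdict(list)   # card id -> timestamps of recent denials
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, card, door = ev["ts"], ev["card"], ev["door"]
        if not ev["granted"]:
            recent_denials[card].append(ts)
            continue

        # 1. Successful entry with a card id the directory never issued.
        if card not in KNOWN_CARDS:
            findings.append((ts, card, door, "card id not in directory"))

        # 2. Success right after a burst of denials on the same card.
        burst = [t for t in recent_denials[card] if ts - t <= FAIL_WINDOW]
        if len(burst) >= FAIL_THRESHOLD:
            findings.append((ts, card, door,
                             f"granted after {len(burst)} denials within {FAIL_WINDOW}"))
        recent_denials[card].clear()

        # 3. Entry outside normal hours.
        if not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]):
            findings.append((ts, card, door, "access outside business hours"))

        # 4. Known card used at a door inconsistent with the holder's role.
        if card in KNOWN_CARDS:
            role, allowed_doors = KNOWN_CARDS[card]
            if door not in allowed_doors:
                findings.append((ts, card, door, f"door not expected for role {role}"))
    return findings


if __name__ == "__main__":
    for ts, card, door, reason in find_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {card} {door}: {reason}")
```

Denied events are deliberately not reported on their own; they only feed the burst counter, so a single mistyped badge does not raise noise while a grant that follows several denials from a card the directory has never seen surfaces with every applicable reason attached. Each finding should then be cross-checked against surveillance footage as the section above recommends.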
Compensating Controls: If patching cannot be deployed immediately, implement compensating controls to mitigate risk. These include adding a secondary authentication factor (e.g., PIN code) for entry to high-security areas, increasing the presence of physical security personnel, and temporarily disabling affected card readers on critical entry points until they can be updated. Conduct a review of all access privileges and enforce the principle of least privilege.
Exploitation status
Public Exploit Available: true
Analyst recommendation
Given the critical CVSS score of 9.8 and the direct threat to physical security, this vulnerability requires immediate attention. We strongly recommend that all organizations using affected Dormakaba Saflok systems prioritize the deployment of the vendor-supplied patches across all facilities without delay. Due to the high likelihood of exploitation, organizations should also immediately implement the recommended monitoring and compensating controls to detect and prevent unauthorized access while the patching process is underway.