PT-2022-20152 · Zkteco · Zkteco Biotime
Dimitri Lesy · Published 2022-11-08 · Updated 2022-11-09
CVE-2022-30515
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ZKTeco BioTime version 8.5.4
Description
The BioTime web application serves the folders that hold employee photos without requiring authentication. Because the files are addressed by name, an unauthenticated remote attacker can guess or enumerate filenames and retrieve the photos directly. The result is an information disclosure (confidentiality only, no privileges or user interaction required), which is what the CVSS vector above reflects; the advisory does not publish the affected path.
Recommendations
Apply the vendor's fix for BioTime 8.5.4 once it is available, so that every request for a file in the employee-photo folders is checked against a valid application session before the file is served (and, ideally, against whether that user is entitled to that particular photo). Until then, restrict access to those folders as a workaround: have the web server or reverse proxy in front of BioTime deny direct requests to the photo directories or require authentication for them, and limit network access to the BioTime web interface to trusted hosts. Verify the mitigation by requesting a known photo URL without a session and confirming that the server returns 401 or 403 rather than the image.
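To make the description and the recommendation above concrete, here is a small constructed model of the weakness class and its fix. It is example code added to this entry, not BioTime's code: the /photos/ route, the sequential filenames, the bearer-token session store and the login() helper are all assumptions, since the advisory does not publish the affected path. vulnerable_handler serves the folder to anyone, hardened_handler requires a valid session before it looks at the folder, and enumerate_photos models the filename-enumeration attack against both.

```python
import posixpath
import secrets
from typing import Callable, Dict, List, Optional, Tuple

# Constructed in-memory stand-in for the photo folder: filename -> image bytes.
# Sequential names model the guessable filenames that enumeration relies on.
PHOTOS: Dict[str, bytes] = {
    f"{n:04d}.jpg": f"photo-of-employee-{n}".encode() for n in range(1, 6)
}

# Constructed session store: bearer token -> username. Filled by login().
SESSIONS: Dict[str, str] = {}

Headers = Dict[str, str]
Response = Tuple[int, bytes]
Handler = Callable[[str, Headers], Response]


def login(user: str) -> str:
    """Issue an unguessable session token for `user` (assumed login flow)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    return token


def _lookup(filename: str) -> Optional[bytes]:
    """Return the photo bytes for a bare filename, or None.

    Rejects anything that is not a single path component so that
    '../' or nested paths cannot escape the photo folder.
    """
    if filename in ("", ".", "..") or posixpath.basename(filename) != filename:
        return None
    return PHOTOS.get(filename)


def vulnerable_handler(path: str, headers: Headers) -> Response:
    """Serves /photos/<name> to anyone: the missing-authentication weakness."""
    if not path.startswith("/photos/"):
        return 404, b""
    data = _lookup(path[len("/photos/"):])
    return (200, data) if data is not None else (404, b"")


def hardened_handler(path: str, headers: Headers) -> Response:
    """Same route, but a valid session is required before the folder is touched.

    The session check runs before the file lookup so that an unauthenticated
    caller gets the same 401 whether or not the file exists; otherwise the
    404/200 difference would still let them enumerate which names are valid.
    """
    if not path.startswith("/photos/"):
        return 404, b""
    auth = headers.get("Authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme != "Bearer" or token not in SESSIONS:
        return 401, b""
    # Per-record authorization (which user may see which photo) would go here.
    data = _lookup(path[len("/photos/"):])
    return (200, data) if data is not None else (404, b"")


def enumerate_photos(handler: Handler, headers: Optional[Headers] = None,
                     limit: int = 10) -> List[str]:
    """Model of the attack: walk predictable filenames, keep the ones served."""
    headers = headers or {}
    return [
        f"{n:04d}.jpg"
        for n in range(1, limit + 1)
        if handler(f"/photos/{n:04d}.jpg", headers)[0] == 200
    ]


if __name__ == "__main__":
    print("unauthenticated, vulnerable:", enumerate_photos(vulnerable_handler))
    print("unauthenticated, hardened:  ", enumerate_photos(hardened_handler))
    tok = login("hr-clerk")
    print("authenticated, hardened:    ",
          enumerate_photos(hardened_handler, {"Authorization": f"Bearer {tok}"}))
```

Running the module prints the filenames each handler leaks to an anonymous caller (all five for the vulnerable handler, none for the hardened one) and what an authenticated session sees. Two details matter in hardened_handler: the session check happens before the file lookup, so anonymous callers cannot tell existing files from missing ones by status code, and _lookup refuses anything that is not a single path component, so the folder cannot be escaped with traversal sequences.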
Weakness Enumeration
Missing Authentication
Affected Products
Zkteco Biotime