← Advisories

ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness

Low

Advisory ID

ZSL-2016-5366

Release Date

31 August 2016

Vendor

ZKTeco Inc. - http://www.zkteco.com

Affected Version

3.0.1.0_R_230, Platform: 3.0.1.0_R_230, Personnel: 1.0.1.0_R_1916, Access: 6.0.1.0_R_1757, Elevator: 2.0.1.0_R_777, Visitor: 2.0.1.0_R_877, Video:2.0.1.0_R_489, Adms: 1.0.1.0_R_197

CVE

CVE-2016-20030

Tested On

Microsoft Windows 7 Ultimate SP1 (EN), Microsoft Windows 7 Professional SP1 (EN), Apache-Coyote/1.1, Apache Tomcat/7.0.56

Summary

ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identification and a modern-user friendly UI, ZKBioSecurity 3.0 provides the most advanced solution for a whole new user experience.

Description

The weakness is caused due to the 'authLoginAction!login.do' script enumerating the list of valid usernames when some characters are provided via the 'username' parameter.

Proof of Concept

zkbiosec_userenum.pyTXT

Disclosure Timeline

18.07.2016Vulnerability discovered.

27.07.2016Vendor contacted.

29.08.2016No response from the vendor.

31.08.2016Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://exchange.xforce.ibmcloud.com/vulnerabilities/116485

[2]https://packetstormsecurity.com/files/138573

[3]https://www.cve.org/CVERecord?id=CVE-2016-20030

Changelog

31.08.2016Initial release

26.09.2016Added reference [1] and [2]

24.03.2026Added reference [3]