Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZKTeco ZKBioSecurity 3.0 User Enumeration via authLoginAction
Vulnerability Description
ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to enumerate valid user accounts based on application responses.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
不正确的行为次序:在解析与净化处理之前进行授权
Vulnerability Title
ZKTeco ZKBioSecurity 安全漏洞
Vulnerability Description
ZKTeco ZKBioSecurity是中国ZKTeco公司的一个基于 Web 的一体式平台。 ZKTeco ZKBioSecurity 3.0版本存在安全漏洞,该漏洞源于用户枚举,可能导致未经验证攻击者通过提交部分字符发现有效用户名。
CVSS Information
N/A
Vulnerability Type
N/A