Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZKTeco BioTime Endpoint safe_setting credentials storage
Vulnerability Description
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage of credentials. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
明文存储口令
Vulnerability Title
ZKTeco BioTime 安全漏洞
Vulnerability Description
ZKTeco BioTime是中国ZKTeco公司的一款功能强大的基于 web 的时间和出勤管理软件。 ZKTeco BioTime 9.0.3版本、9.0.4版本和9.5.2版本存在安全漏洞,该漏洞源于对文件/base/safe_setting/中参数backup_encryption_password_decrypt/export_encryption_password_decrypt的错误操作,可能导致凭据存储不当。
CVSS Information
N/A
Vulnerability Type
N/A