Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
ZKTeco ZKBio CVSecurity 安全漏洞
Vulnerability Description
ZKTeco ZKBio CVSecurity是中国ZKTeco公司的一系列生物识别解决方案。 ZKTeco ZKBio CVSecurity 6.4.1_R版本存在安全漏洞,该漏洞源于硬编码密钥,可能导致未经验证的JWT令牌认证。
CVSS Information
N/A
Vulnerability Type
N/A