ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting par

APPLICATION

ZKTECO

16-03-2026 11:20

CVE-2016-20030 Vulnerabilidad documentada

Sin puntuación

Tags

#zkteco

#application

#vulnerability

#attackers

#authenticated

#security

#discover

#allow

#attack

Descripción

ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests authLoginAction!login.do script with varying inputs enumerate accounts based on application responses.

https://exchange.xforce.ibmcloud.com/vulnerabilities/116485

https://packetstormsecurity.com/files/138573

https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-user-enumeration-via-authloginaction

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5366.php

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2016-20030

Resultados similares

Coincidentes en almenos en 50% de los tags

16-03-2026 CVE-2016-20032
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that...
Ver información

16-03-2026 CVE-2016-20031
ZKTeco ZKBioSecurity 3.0 contains a local authorization bypass vulnerability in visLogin.jsp th...
Ver información