Submit #435034: ZKteco biotime 9.0.1 Exposure of Access Control List Files to an Unauthorized Control

Title: ZKteco biotime 9.0.1 Exposure of Access Control List Files to an Unauthorized Control

Description:
Vendor of Product: Biotime
Version: 9.0.1

Description: There is a vulnerability that allows unauthorized access to sensitive images without proper security permissions. This issue arises when a site administrator adds a user or an employee captures their picture. Consequently, an attacker can view all images by guessing the image URLs, effectively circumventing security measures.

Vulnerability Details: The vulnerability can be exploited by performing a brute force attack on the image URLs. For example, by accessing the following URL pattern:

http://time.xmzkteco.com:8097/auth_files/photo/*

An attacker can brute-force the image names, trying variations such as name.jpg with numbers from 0 to 1000 or more, leading to access to images like:

http://time.xmzkteco.com:8097/auth_files/photo/109.jpg

This allows an attacker to retrieve all images stored on the server.

Proof of Concept (PoC): Using the URL pattern mentioned above, an attacker can sequentially access image files without authentication.

Dorks: Shodan query: http.title:"biotime"

Reported by: CyberSecurity Center - MOI Iraq
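The report above describes an unauthenticated, enumerable photo path. From the defender's side, the useful signal is a single client walking through many numeric photo ids in a short window, often without a session user and with 404s mixed in for ids that do not exist. The following is an added detection example written for this page, not code from the submitter or from ZKTeco; it parses constructed combined-format access-log lines (the IPs, timestamps and user names are made up) and reports clients that fetched many distinct /auth_files/photo/N.jpg objects within a sliding time window. Thresholds and the log format are assumptions to adapt to the real deployment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in Apache/nginx "combined" format (not from the page).
# 203.0.113.7 walks sequential ids with no session user; 198.51.100.20 is a
# logged-in user viewing two employee records minutes apart via the web UI.
SAMPLE_LOG = """\
203.0.113.7 - - [31/Oct/2024:17:40:01 +0000] "GET /auth_files/photo/101.jpg HTTP/1.1" 200 5123 "-" "curl/8.4.0"
203.0.113.7 - - [31/Oct/2024:17:40:01 +0000] "GET /auth_files/photo/102.jpg HTTP/1.1" 200 4870 "-" "curl/8.4.0"
203.0.113.7 - - [31/Oct/2024:17:40:02 +0000] "GET /auth_files/photo/103.jpg HTTP/1.1" 404 210 "-" "curl/8.4.0"
203.0.113.7 - - [31/Oct/2024:17:40:02 +0000] "GET /auth_files/photo/104.jpg HTTP/1.1" 200 5012 "-" "curl/8.4.0"
203.0.113.7 - - [31/Oct/2024:17:40:03 +0000] "GET /auth_files/photo/105.jpg HTTP/1.1" 200 4991 "-" "curl/8.4.0"
198.51.100.20 - alice [31/Oct/2024:17:41:10 +0000] "GET /auth_files/photo/109.jpg HTTP/1.1" 200 5300 "http://biotime.example/emp/109" "Mozilla/5.0"
198.51.100.20 - alice [31/Oct/2024:17:45:30 +0000] "GET /auth_files/photo/110.jpg HTTP/1.1" 200 5100 "http://biotime.example/emp/110" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Only the photo directory named in the report; the numeric id is what gets enumerated.
PHOTO_RE = re.compile(r'^/auth_files/photo/(?P<id>\d+)\.jpe?g$', re.IGNORECASE)


def parse_line(line):
    """Return a dict for a photo request, or None for lines that are not photo fetches."""
    m = LOG_RE.match(line)
    if not m:
        return None
    p = PHOTO_RE.match(m.group("path"))
    if not p:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "user": m.group("user"),      # "-" means no authenticated user was logged
        "ts": ts,
        "id": int(p.group("id")),
        "status": int(m.group("status")),
    }


def find_enumeration(log_text, min_ids=4, window_seconds=60):
    """Flag clients that fetched >= min_ids distinct photo ids within window_seconds.

    For each client the widest sliding window is reported: the number of distinct ids,
    the id range, how many requests were 4xx (probing ids that do not exist), and
    whether every request in the window lacked a logged-in user.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    findings = []
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        best = None
        start = 0
        for end in range(len(recs)):
            # Shrink the window from the left until it spans at most window_seconds.
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            window = recs[start:end + 1]
            ids = {r["id"] for r in window}
            if len(ids) >= min_ids and (best is None or len(ids) > best["distinct_ids"]):
                best = {
                    "ip": ip,
                    "distinct_ids": len(ids),
                    "id_range": (min(ids), max(ids)),
                    "not_found": sum(1 for r in window if 400 <= r["status"] < 500),
                    "unauthenticated": all(r["user"] == "-" for r in window),
                }
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in find_enumeration(SAMPLE_LOG):
        print(f)
```

Detection only narrows the exposure window; the fix is to stop serving /auth_files/photo/ as static content and instead return each photo from an endpoint that checks the session and the caller's permission on that specific employee record, with a non-sequential file name as defence in depth.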
Source: https://gist.githubusercontent.com/whiteman007/f7a85252fed91deff6eb3f20596710b0/raw/b7c8a7f53d3316cfd2da1cae9bcf583d923860b7/biotime%25209.0.1
User: Cybersecurity Center - MOI Iraq (UID 76965)
Submission: 10/31/2024 17:58 (2 years ago)
Moderation: 11/09/2024 11:21 (9 days later)
Status: Accepted
VulDB entry: 283662 [ZKTeco ZKBio Time 9.0.1 Image File /auth_files/photo/ direct request]
Points: 20
