CVE-2023-38949 - Hidden API in ZKTeco BioTime v8.5.5 Lets Attackers Reset Admin Password (Explained)
In August 2023, security researchers discovered a severe vulnerability in the ZKTeco BioTime v8.5.5 time and attendance management system. This issue, now tracked
CVE-2023-38950 - Exploiting a Path Traversal Vulnerability in ZKTeco BioTime v8.5.5
*Last updated: June 2024*
Introduction
Security flaws in widely used biometric and attendance systems can have huge consequences—especially when trusted by thousands of companies worldwide.
CVE-2022-38801 - How Employees Can Hijack Admin Sessions in ZKTeco BioTime (<8.5.3 Build:20200816.447) Using Blind XSS
ZKTeco’s BioTime is a popular time attendance and workforce management system used worldwide by small and large companies. On August 19, 2022, a severe
CVE-2022-38802 - Exploiting Incorrect Access Control in ZKTeco BioTime (<8.5.3 Build:20200816.447) for Local File Disclosure via XSS-to-PDF
ZKTeco's BioTime is a popular biometric time and attendance management software, used by enterprises worldwide. Security researchers discovered that versions below 8.5.
CVE-2022-38803 - How a Simple XSS in ZKTeco BioTime Leads to Local File Read — Exploit and Details
ZKTeco BioTime is a widely used time and attendance management platform, especially popular in organizations that need biometric punch and leave management. In mid-2022, a