Security Advisory

CVE-2024-13966

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2025-05-27 18:35:31
Last updated: 2025-05-28 19:08:03
Assigner: cisa-cg
State: PUBLISHED

Description

ZKTeco BioTime allows unauthenticated attackers to enumerate usernames and log in as any user with a password unchanged from the default value 123456. Users should change their passwords (located under the Attendance Settings tab as "Self-Password").