6/24/2023 0 Comments Iclock adms download![]() ![]() CWE-295: Improper Certificate ValidationĪn attacker who is able to sniff the network or arp-spoof with a fake server obtains a long-lasting token.CWE-613: Insufficient Session Expiration.H 'Content-Type: application/push charset=UTF-8' -H 'Content-Language: zh-CN' the content of is: user uuid= cardno= pin=11111 password= group=1 starttime=0 endtime=0 name=Bugoy Test1 privilege=14 disable=0 verify=0 Vulnerability Type FaceDepot tablet reconnects to the server every 2 - 3 minutes and thus automatically submits a legit token.Īfter SN and token are obtained, it is easy to, for example, create a user, by using cURL: curl -v -L -X POST -A 'iClock Proxy/1.09' '' \ After taking over ZKBiosecurity Server's IP by arpspoofing, the script is able to obtain the token for further use. We did not install the CA into the tablet. We wrote a proof-of-concept to simulate ZKBiosecurity ADMS with reasonably dummy response. The token can be used in replay attack, command forgery, arbitrary user addition and privilege escalation (CVE-2020-17474). Moreover, the token has a long life (at least 2 weeks), and is still valid even after FaceDepot 7B (the Android tablet) issues a new token. Wireshark the default deployment, which does HTTP instead of HTTPS.Use a Python script (zkteco.py, see below) and a self-signed SSL certificate to simulate ZKBiosecurity Server (ADMS) and do ARP spoofing on HTTPS port 8088.The researchers have tried two ways to successfully steal the access token in the HTTP header. ![]() The update can be found via the vendor's link: The vendor addressed the vulnerability and has recommended to install an updated version of the software. The responsible disclosure expired on April 30, 2020. ZDI got one response from the vendor which acknowledged but not confirmed the vulnerability. The vulnerability has been submitted to ZDI on Dec 3, 2019. Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.
0 Comments
Leave a Reply. |