CVE-2016-20030 | ZKTeco ZKBioSecurity 3.0.1.0_R_230 User Account authLoginAction!login.do Username incorrect behavior order: authorization before parsing and canonicalization (ZSL-2016-5366)
A vulnerability was found in ZKTeco ZKBioSecurity 3.0.1.0_R_230 and has been declared critical. It affects an unknown function of the file authLoginAction!login.do in the User Account Handler component. Manipulating the Username argument results in incorrect behavior order: authorization before parsing and canonicalization.
This vulnerability is identified as CVE-2016-20030. The attack can be executed remotely. No exploit is available.