Zkteco

ZKTeco BioTime Missing Authentication
ZKTeco BioTime Missing …

During a recent penetration test, I stumbled upon an instance of the ZKTeco BioTime web application. This application was linked to a time punch clock taking pictures of employees. The management can then analyse these pictures through the web application or an app. Through some directory fuzzing, I …