CVE-2016-20030

ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to enumerate valid user accounts based on application responses.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/116485
https://packetstormsecurity.com/files/138573
https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-user-enumeration-via-authloginaction
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5366.php

Configurations

No configuration.

History

15 Apr 2026, 14:56

Type	Values Removed	Values Added
Summary		(es) ZKTeco ZKBioSecurity 3.0 contiene una vulnerabilidad de enumeración de usuarios que permite a atacantes no autenticados descubrir nombres de usuario válidos al enviar caracteres parciales a través del parámetro username. Los atacantes pueden enviar solicitudes al script authLoginAction!login.do con diferentes entradas de nombre de usuario para enumerar cuentas de usuario válidas basándose en las respuestas de la aplicación.

16 Mar 2026, 14:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-16 14:17

Updated : 2026-04-15 14:56

NVD link : CVE-2016-20030

Mitre link : CVE-2016-20030

CVE.ORG link : CVE-2016-20030

JSON object : View

Products Affected

No product.

CWE

CWE-551

Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

{"id": "CVE-2016-20030", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-16T14:17:49.727", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/116485", "source": "disclosure@vulncheck.com"}, {"url": "https://packetstormsecurity.com/files/138573", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/zkteco-zkbiosecurity-user-enumeration-via-authloginaction", "source": "disclosure@vulncheck.com"}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5366.php", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-551"}]}], "descriptions": [{"lang": "en", "value": "ZKTeco ZKBioSecurity 3.0 contains a user enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by submitting partial characters via the username parameter. Attackers can send requests to the authLoginAction!login.do script with varying username inputs to enumerate valid user accounts based on application responses."}, {"lang": "es", "value": "ZKTeco ZKBioSecurity 3.0 contiene una vulnerabilidad de enumeraci\u00f3n de usuarios que permite a atacantes no autenticados descubrir nombres de usuario v\u00e1lidos al enviar caracteres parciales a trav\u00e9s del par\u00e1metro username. Los atacantes pueden enviar solicitudes al script authLoginAction!login.do con diferentes entradas de nombre de usuario para enumerar cuentas de usuario v\u00e1lidas bas\u00e1ndose en las respuestas de la aplicaci\u00f3n."}], "lastModified": "2026-04-15T14:56:45.970", "sourceIdentifier": "disclosure@vulncheck.com"}