CVE-2023-51142

7.5 HIGH

📋 TL;DR

This vulnerability in ZKTeco BioTime allows remote attackers to access sensitive information without authentication. It affects BioTime versions 8.5.4 and earlier, potentially exposing employee data, biometric information, or system credentials.

💻 Affected Systems

Products:
  • ZKTeco BioTime
Versions: 8.5.4 and earlier
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with default configurations are vulnerable. The vulnerability appears to be in the web interface component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of biometric and personnel databases, credential theft enabling further system access, and potential identity theft of employees.

🟠

Likely Case

Exposure of employee personal information, biometric templates, and system configuration data that could facilitate further attacks.

🟢

If Mitigated

Limited data exposure if systems are properly segmented and access controlled, but still represents a significant information disclosure risk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public GitHub gist contains technical details sufficient to build an exploit. No authentication is required, so any client that can reach the web interface can attempt it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.5.5 or later

Vendor Advisory: https://www.zkteco.com/en/Security_Bulletinsibs/14

Restart Required: Yes

Instructions:

1. Download the latest version from ZKTeco's official website.
2. Back up your current configuration and database.
3. Install the update following the vendor's instructions.
4. Restart the BioTime service.
5. Verify the update was successful (see How to Verify below).

🔧 Temporary Workarounds

Network Segmentation (applies to: all platforms)

Restrict access to the BioTime web interface to internal networks only; do not expose it directly to the Internet.

Web Application Firewall (applies to: all platforms)

Implement WAF rules that block unauthenticated requests to the affected endpoint (as identified in the vendor advisory or the public PoC) and alert on matches. Treat this as a stopgap: a WAF signature only covers the request pattern it was written for.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the BioTime interface
  • Monitor for unusual access patterns and information disclosure attempts in logs

🔍 How to Verify

Check if Vulnerable:

Read the BioTime version from the admin panel or the web interface footer. Any version 8.5.4 or earlier is affected.

Check Version:

Admin panel or web interface footer, as above.

Verify Fix Applied:

Confirm the version is 8.5.5 or later, then send requests that carry no session cookie to the endpoints that previously disclosed data and confirm they now return a login redirect or an authorization error rather than data.
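The two verification steps above (version comparison and an unauthenticated probe) as an added Python example; this is not ZKTeco's code and not from the advisory. The endpoint paths in CHECK_ENDPOINTS are placeholders to be replaced with the endpoint named in the vendor advisory or the public PoC, the "looks like data" test is a heuristic, and constructed_fetch returns constructed responses so the script can be exercised offline.

```python
"""Checks for the two verification steps: version comparison and an
unauthenticated-access probe. Added example, not ZKTeco code.

Assumptions (not from the advisory): CHECK_ENDPOINTS holds placeholder paths to
be replaced with the affected endpoint; the probe deliberately sends no cookie.
"""
import json
import re
import urllib.error
import urllib.request
from typing import Callable, List, Tuple

FIXED_VERSION = (8, 5, 5)

# Placeholder paths; replace with the actual affected endpoint(s).
CHECK_ENDPOINTS = ["/api/people/", "/api/attendance/", "/api/reports/"]

Response = Tuple[int, str, bytes]          # (status, content-type, body)
Fetcher = Callable[[str], Response]


def parse_version(text: str) -> Tuple[int, int, int]:
    """Pull 'X.Y.Z' out of UI text such as 'BioTime v8.5.4 (build 20231130)'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return major, minor, patch


def is_vulnerable_version(text: str) -> bool:
    # Tuple comparison, not string comparison: "8.5.10" must sort above "8.5.5".
    return parse_version(text) < FIXED_VERSION


def urllib_fetch(url: str, timeout: float = 10.0) -> Response:
    """GET with no cookies and no redirect-following, so a login redirect shows as 3xx."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # urllib then raises HTTPError for 3xx instead of following it
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(urllib.request.Request(url), timeout=timeout) as r:
            return r.status, r.headers.get("Content-Type", ""), r.read()
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Content-Type", ""), e.read()
    except urllib.error.URLError:
        return 0, "", b""


def looks_like_data(content_type: str, body: bytes) -> bool:
    """Heuristic: non-empty JSON, or HTML that is not a login form, counts as disclosed data."""
    if "json" in content_type.lower():
        try:
            return bool(json.loads(body))
        except ValueError:
            return False
    return len(body) > 0 and b'type="password"' not in body


def unauthenticated_exposure(base_url: str, endpoints: List[str],
                             fetch: Fetcher = urllib_fetch) -> List[str]:
    """Return the endpoints that hand data to a client holding no session at all."""
    exposed = []
    for ep in endpoints:
        status, ctype, body = fetch(base_url.rstrip("/") + ep)
        if status == 200 and looks_like_data(ctype, body):
            exposed.append(ep)
    return exposed


def constructed_fetch(url: str) -> Response:
    """Constructed responses for an offline run: one leaking endpoint, one login
    redirect, and one endpoint that answers 200 with the login form itself."""
    if url.endswith("/api/people/"):
        return 200, "application/json", b'[{"emp_code": "1001", "first_name": "Example"}]'
    if url.endswith("/api/attendance/"):
        return 302, "text/html", b""
    return 200, "text/html; charset=utf-8", b'<form><input type="password" name="password"></form>'


if __name__ == "__main__":
    print("vulnerable by version:", is_vulnerable_version("BioTime v8.5.4"))
    print("exposed endpoints:", unauthenticated_exposure("https://biotime.example",
                                                         CHECK_ENDPOINTS, constructed_fetch))
```

Against a real host, call unauthenticated_exposure with the default urllib_fetch. The third constructed case matters in practice: some applications answer 200 with the login page instead of redirecting, so a status-code check alone would report a false "still exposed".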

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to sensitive endpoints, especially many distinct endpoints read in quick succession from one source
  • HTTP 200 responses with large bodies to requests that carry no session cookie (the exploit needs no login, so do not rely on failed-authentication events as a precursor)

Network Indicators:

  • Unusual HTTP requests to BioTime endpoints from unexpected sources
  • Traffic patterns suggesting information gathering

SIEM Query:

source="biotime_logs" AND (url="*/sensitive_endpoint*" OR (status=200 AND size>1000000))

`sensitive_endpoint` is a placeholder for the endpoint path named in the vendor advisory or the public PoC. The explicit parentheses make the grouping unambiguous, since AND/OR precedence differs between query languages. If your log source records the request cookie, add a clause for requests carrying no session cookie, because the exploit is unauthenticated.
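The same logic as the query, run over a few constructed access-log lines, as an added Python example (not from ZKTeco or the page's sources). The log format (combined format with one extra trailing quoted field holding the request's Cookie header), the session cookie name sessionid, the RFC 1918 ranges treated as internal, and the request paths in the sample are all assumptions to adapt to your deployment.

```python
"""Offline triage of BioTime web-server access logs for unauthenticated bulk reads.

Added example, not vendor code. Assumptions: combined log format with one extra
trailing quoted field holding the request's Cookie header; the authenticated
session cookie is named SESSION_COOKIE; RFC 1918 ranges are "internal"; the
paths in SAMPLE_LOG are constructed and are not real BioTime routes.
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

SESSION_COOKIE = "sessionid"   # assumption: adjust to the cookie your deployment sets after login
LARGE_BODY = 100_000           # bytes; tune above the size of a normal authenticated page
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"'
)

# Constructed sample: one authenticated internal read, one external client with no
# session pulling several endpoints, and harmless static/login traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2024:10:00:01 +0000] "GET /login/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"
10.0.5.20 - - [01/Feb/2024:10:00:02 +0000] "GET /api/people/ HTTP/1.1" 200 884213 "-" "Mozilla/5.0" "sessionid=abc123"
203.0.113.7 - - [01/Feb/2024:10:00:03 +0000] "GET /api/people/ HTTP/1.1" 200 884213 "-" "python-requests/2.31" "-"
203.0.113.7 - - [01/Feb/2024:10:00:04 +0000] "GET /api/devices/ HTTP/1.1" 200 612 "-" "python-requests/2.31" "-"
203.0.113.7 - - [01/Feb/2024:10:00:05 +0000] "GET /api/departments/ HTTP/1.1" 200 230144 "-" "python-requests/2.31" "-"
198.51.100.9 - - [01/Feb/2024:10:00:06 +0000] "GET /static/app.js HTTP/1.1" 200 402331 "-" "Mozilla/5.0" "-"
"""


def parse(line: str) -> Optional[Dict]:
    """Parse one line; returns None for lines that do not match the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["status"] = int(e["status"])
    e["size"] = 0 if e["size"] == "-" else int(e["size"])
    e["authenticated"] = (SESSION_COOKIE + "=") in e["cookie"]
    e["external"] = not any(ipaddress.ip_address(e["ip"]) in net for net in INTERNAL_NETS)
    return e


def is_app_path(path: str) -> bool:
    """Static assets and the login page are expected to be reachable without a session."""
    return not (path.startswith("/static/") or path.startswith("/login"))


def triage(log_text: str, enum_threshold: int = 3) -> List[Tuple]:
    """Two rules: a large 200 with no session from outside, and one outside source
    touching many application paths without ever authenticating."""
    findings: List[Tuple] = []
    paths_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        e = parse(line)
        if e is None or not is_app_path(e["path"]):
            continue
        if e["external"] and not e["authenticated"]:
            paths_by_ip[e["ip"]].add(e["path"])
            if e["status"] == 200 and e["size"] >= LARGE_BODY:
                findings.append(("unauthenticated_bulk_read", e["ip"], e["path"], e["size"]))
    for ip, paths in paths_by_ip.items():
        if len(paths) >= enum_threshold:
            findings.append(("unauthenticated_enumeration", ip, len(paths)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

On the sample, the internal authenticated read and the static asset produce nothing, while the external client with no session is flagged twice for large bodies and once for enumeration. The size threshold is the noisy knob: set it from your own baseline of authenticated page sizes before alerting on it.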

🔗 References
