Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unsecured Connection #231

Open
iamB0rgy opened this issue Nov 29, 2024 · 4 comments
Open

Unsecured Connection #231

iamB0rgy opened this issue Nov 29, 2024 · 4 comments

Comments

@iamB0rgy
Copy link

This isn't a bug but a security issue. As long as I know the IP of the device, I can do everything like, wipe out the date, pull the data, restart the device, etc. Or is there any way to setup a password in the device? I am using SpeedFace-H5L.

In this below code, I can read without the password.

from zk import ZK

zk = ZK('192.168.1.2', port=4370, verbose=True)
conn = None

try:
conn = zk.connect()
conn.disable_device()

attendance = conn.get_attendance()
if attendance:
    for record in attendance:
        print(f"User: {record.user_id}, Timestamp: {record.timestamp}, Status: {record.status}")
else:
    print("No attendance records found.")

conn.enable_device()  

except Exception as e:
print(f"Error: {e}")
finally:
if conn:
conn.disconnect()

@shadow046
Copy link

what i do is i change the port number of the device.

@shadow046
Copy link

O i check it.. The comm key is the password

image

@tuyendv-it
Copy link

We use passwords, so this is not a "security issue". It's your negligence in not setting a password.

@shadow046
Copy link

We use passwords, so this is not a "security issue". It's your negligence in not setting a password.

yes.. we can set a password. maybe he just didn't saw the comm key

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants