Despite the stability improvements, the software shows its age in several areas:
If you have the device connected to a router via Ethernet cable: fingerprint attendance system version 4.8.8 build 157
| Component | Vulnerability | Exploit Impact |
|-----------|--------------|----------------|
| Database | Default sysdba/masterkey (Firebird) or blank SA password (MSSQL) | Full read/write of attendance logs, tampering with user fingerprints |
| Network | Unencrypted TCP (plaintext packets via port 4370) | Eavesdropping – capture raw fingerprint templates (irreversible identity theft) |
| Template Storage | Base64 encoded, no per-user salt | Rainbow table attack on template hashes |
| Admin Panel | Hardcoded backdoor user ATTEND\admin (some builds) | Remote attendance manipulation without audit trail |
| File System | \ProgramData\FPAttend\logs\ – plaintext debug logs containing raw device commands | Replay attacks |
This is not your grandfather's time clock. Build 157 introduces several refinements that streamline the user experience. PC Software: