Security researchers with IBM have found a series of significant vulnerabilities affecting popular visitor management systems that companies use to automate basic security and access control tasks that used to be carried out by receptionists and security guards.
A total of 19 flaws were found in visitor management systems produced by Jolly Technologies, HID Global, Threshold Security, Envoy, and The Receptionist. The vulnerabilities included the presence of default admin login credentials, exposure of sensitive data on visitors and privilege escalation flaws. The uncovered issues have serious implications in terms of security and privacy. As a result, the flawed solutions may provide companies with “a false sense of security.”