Technical Support | Suprema

False authentication with an unregistered card

Affected Products & Versions: Xpass v1 (XPH-E, XPH)

Summary

There is a case that an unregistered card can be authenticated on Xpass v1. Only the device type which supports HID card (XPH-E, XPH) is related to this issue.

If the unregistered card succeeds in authentication on Xpass v1, it will be authenticated as the card number of last authenticated user.

Issue Reproduction: 

1. Try to authenticate with an unregistered card on Xpass v1. At this point, the card type should be HID card.

2. If the user is allowed to access to the door with this card, he will be authenticated as last user who was successful for authentication.

3. As a result, the information on user id of last user who access to the device right before the unregistered card authenticates will be displayed in the real-time monitoring.

4. For instance, the last authenticated user’s id is 3 with enrolled card (check red box). If you try to authenticate with the unregistered card, you will be recognized as user id:3 although your id is not 3.

Workaround:

-

Solution:

Download the BETA firmware in the following link. Then, apply it to Xpass.

• http://webhard.suprema.co.kr//ExFd/16399/8764.bin