https://www.go-rbcs.com/articles/the-deadlocking-plunger-weakness

One recent facility security assessment started with the question below, and after encountering this vulnerability in every assessment for the past 15 years, it became obvious that it was time to write about it. The problem is easily remedied.

Q: We installed a good quality lock industrial, yet someone was able to bypass it using a credit card. How could this be?

A: Most likely the door latch installation somehow kept the deadlocking plunger (also called a deadlock latch) from being engaged, or allowed it to be disengaged. It is the purpose of this part of the door lock mechanism to prevent doors from being opened in this fashion.

Over the past 15 years, when I started tracking this particular vulnerability in our facility security assessments, in every commercial facility security assessment I performed, I found that at least one door could be easily opened (5 seconds or less) with a credit card, screwdriver or hair comb.

Facility managers have been amazed to see strong commercial and industrial locks bypassed this way. Recently at one facility, after a big name company installed card + pin electronic access control (card reader plus keypad) for a half-dozen very critical internal doors, I was able to slip my comb out of my pocket and pop open each door. IT departments take note: this vulnerability is common for IT equipment room closets, especially where the closet originally served another purpose, and was later given to IT without upgrading the door to a security grade installation.

Here are photographs from a Time-to-Target assessment in which we easily defeated a number of doors using a small screwdriver. What's worse, we discovered that when the door shown below was forced open, it did not alarm.