CVE-2019-25278

Summary

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.

Affected Software

VendorProductVersion RangeStatus
iWT Ltd.FaceSentry Access Control System6.4.8 build 264affected
iWT Ltd.FaceSentry Access Control System5.7.2 build 568affected
iWT Ltd.FaceSentry Access Control System5.7.0 build 539affected

Weaknesses

  • CWE-319: Cleartext Transmission of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References