CVE-2019-25241
Hard-Coded SSH Credentials in FaceSentry 6.4.8 Enable Root Access
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| facesentry | access_control_system | 6.4.8 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25241 is a critical vulnerability in FaceSentry Access Control System version 6.4.8 and earlier. It involves hard-coded, weak SSH credentials (username: wwwuser, password: 123456) accessible on port 23445, allowing unauthorized SSH access. Additionally, the sudoers configuration is insecure, permitting the wwwuser account to execute sudo commands without authentication, enabling attackers to escalate privileges and gain full root access to the device remotely. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not explicitly discuss how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA. However, given that the vulnerability allows unauthorized root access and full control over the FaceSentry Access Control System, it could potentially lead to unauthorized access to sensitive personal or organizational data, thereby impacting compliance with data protection regulations. Without explicit information, a definitive assessment cannot be made. [1, 2]
How can this vulnerability impact me?
This vulnerability allows attackers to remotely access the FaceSentry device via SSH using hard-coded weak credentials and escalate their privileges to root without authentication. This means an attacker can gain full control over the device, potentially manipulating access control functions, compromising security, and disrupting operations in environments relying on this system. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by scanning for devices running FaceSentry Access Control System exposing SSH on port 23445. Then, attempt to SSH using the hard-coded credentials (username: wwwuser, password: 123456). For example, use the command: ssh wwwuser@<target-ip> -p 23445. If you can log in, check sudo privileges by running: sudo -l. If sudo commands can be run without a password, the system is vulnerable. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting SSH access on port 23445, changing or removing the hard-coded wwwuser credentials, and correcting the sudoers configuration to require authentication for sudo commands. If possible, update the device firmware to a version that addresses this vulnerability or isolate the device from untrusted networks until a fix is applied. [1, 2]
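To confirm that the sudoers and SSH mitigations above actually took effect, the following added example (not from the advisory or the vendor) audits copies of a device's sudoers and sshd_config files offline. The sample file contents, FIXED_SUDOERS and the function names are constructed for illustration; the parser is a simplification that reads only the first user token of each rule and does not follow #include files or resolve %groups.

```python
import re

# Constructed sample files: the device's real configuration is not shown on the page.
SAMPLE_SUDOERS = """\
Defaults env_reset
root ALL=(ALL) ALL
User_Alias WEB = wwwuser, backup
WEB ALL=(ALL) \\
    NOPASSWD: ALL
"""
FIXED_SUDOERS = "root ALL=(ALL) ALL\nwwwuser ALL=(ALL) ALL\n"  # password now required
SAMPLE_SSHD = "Port 23445\nPasswordAuthentication yes\n"

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def nopasswd_rules(sudoers_text, user="wwwuser"):
    """Return rules that let `user` (directly, via a User_Alias, or via ALL) skip the password."""
    lines = list(logical_lines(sudoers_text))
    aliases = {}
    for line in lines:  # first pass: collect User_Alias definitions
        m = re.match(r"User_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = {u.strip() for u in m.group(2).split(",")}
    hits = []
    for line in lines:  # second pass: user rules carrying the NOPASSWD tag
        if re.match(r"(Defaults|\w+_Alias)\b", line) or "NOPASSWD:" not in line:
            continue
        names = set()
        for token in line.split(None, 1)[0].split(","):
            names |= aliases.get(token, {token})
        if user in names or "ALL" in names:
            hits.append(line)
    return hits

def sshd_findings(sshd_text, port="23445"):
    """Report whether sshd listens on `port` and still accepts passwords (OpenSSH default: yes)."""
    opts = {}
    for line in logical_lines(sshd_text):
        key, value = (line.split(None, 1) + [""])[:2]
        opts.setdefault(key.lower(), []).append(value.strip())
    return {"listens_on_port": port in opts.get("port", ["22"]),
            "password_auth": opts.get("passwordauthentication", ["yes"])[0].lower() == "yes"}

if __name__ == "__main__":
    print(nopasswd_rules(SAMPLE_SUDOERS), sshd_findings(SAMPLE_SSHD))
```

An empty list from nopasswd_rules together with both sshd_findings values being False indicates that the corresponding mitigation steps are reflected in the configuration files.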