CVE-2019-25278
Cleartext Transmission Vulnerability in FaceSentry 6.4.8 Enables Credential Interception
Publication date: 2026-01-08
Last updated on: 2026-01-08
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iwt_ltd | facesentry_access_control_system | 6.4.8 |
| iwt_ltd | facesentry_access_control_system | 5.7.2 |
| iwt_ltd | facesentry_access_control_system | 5.7.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow attackers to intercept authentication credentials via man-in-the-middle attacks, which may lead to unauthorized access or security bypass of the FaceSentry Access Control System. This could compromise the security of the system and expose sensitive information. [1]
Can you explain this vulnerability to me?
The vulnerability in FaceSentry Access Control System 6.4.8 involves the cleartext transmission of HTTP cookie authentication credentials. This allows remote attackers to perform man-in-the-middle (MiTM) attacks to intercept these credentials during network communication, potentially exposing sensitive authentication information. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for unencrypted HTTP cookie authentication credentials being transmitted in cleartext. Using network packet capture tools like tcpdump or Wireshark, you can filter HTTP traffic to inspect cookies. For example, you can run the command: tcpdump -i <interface> -A -s 0 'tcp port 80' and look for HTTP headers containing cookie data. Additionally, inspecting the firmware version of FaceSentry devices to check if they are running vulnerable versions (6.4.8 build 264, 5.7.2 build 568, or 5.7.0 build 539) can help identify affected systems. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable FaceSentry firmware versions and restricting network access to the device to trusted networks only. Since the vulnerability involves cleartext transmission of authentication cookies, implementing network-level protections such as VPNs or encrypted tunnels (e.g., TLS/SSL) to protect communication can help. Monitoring network traffic for suspicious activity and applying any available vendor patches or updates when released are also recommended. [1]