FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure

Advisories

severity: critical
date: January 7, 2026
Affecting: FaceSentry Access Control System 6.4.8 build 264, 5.7.2 build 568, 5.7.0 build 539
CVE: CVE-2019-25278
CWE: CWE-319 Cleartext Transmission of Sensitive Information
CVSS: 9.1
CVSS V4 Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
References: Zero Science Lab Vulnerability Advisory
Packet Storm Security Exploit Entry
IBM X-Force Vulnerability Exchange Entry
Credit: LiquidWorm as Gjoko Krstic of Zero Science Lab
Description: FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.