PT-2026-1677 · Unknown · Facesentry Access Control System
Published
2026-01-07
·
Updated
2026-01-08
·
CVE-2019-25279
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FaceSentry Access Control System version 6.4.8
Description
The FaceSentry Access Control System stores passwords in cleartext within the device’s SQLite database. This allows attackers to access unencrypted credentials directly from the
/faceGuard/database/FaceSentryWeb.sqlite file without needing authentication.Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Facesentry Access Control System