Description

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.

PUBLISHED Reserved 2026-01-06 | Published 2026-01-07 | Updated 2026-02-18 | Assigner VulnCheck




CRITICAL: 9.1 (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)
MEDIUM: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Problem types

Cleartext Transmission of Sensitive Information

Product status

6.4.8 build 264: affected

5.7.2 build 568: affected

5.7.0 build 539: affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab (finder)

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5528.php (Zero Science Lab Vulnerability Advisory) [third-party-advisory]

packetstormsecurity.com/files/153498 (Packet Storm Security Exploit Entry) [exploit]

exchange.xforce.ibmcloud.com/vulnerabilities/163192 (IBM X-Force Vulnerability Exchange Entry) [vdb-entry]

cve.org (CVE-2019-25278)

nvd.nist.gov (CVE-2019-25278)
