Home

Description

FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without additional authentication.

PUBLISHED Reserved 2026-01-06 | Published 2026-01-07 | Updated 2026-01-16 | Assigner VulnCheck




MEDIUM: 6.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Cleartext Storage of Sensitive Information

Product status

6.4.8 build 264
affected

5.7.2 build 568
affected

5.7.0 build 539
affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5529.php (Zero Science Lab Vulnerability Advisory) third-party-advisory

exchange.xforce.ibmcloud.com/vulnerabilities/163190 (IBM X-Force Exchange Vulnerability Entry) vdb-entry

packetstormsecurity.com/files/153501 (Packet Storm Security Exploit Entry) exploit

cve.org (CVE-2019-25279)

nvd.nist.gov (CVE-2019-25279)

Download JSON