FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/163192 | Third Party Advisory |
| https://packetstormsecurity.com/files/153498 | Exploit Third Party Advisory |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5528.php | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
16 Jan 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
15 Jan 2026, 19:24
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:iwt:facesentry_access_control_system_firmware:6.4.8:*:*:*:*:*:*:* cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:* cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.2:*:*:*:*:*:*:* cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.0:*:*:*:*:*:*:* |
|
| First Time |
Iwt facesentry Access Control System
Iwt Iwt facesentry Access Control System Firmware |
|
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/163192 - Third Party Advisory | |
| References | () https://packetstormsecurity.com/files/153498 - Exploit, Third Party Advisory | |
| References | () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5528.php - Exploit, Third Party Advisory |
08 Jan 2026, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-08 00:15
Updated : 2026-01-16 19:16
NVD link : CVE-2019-25278
Mitre link : CVE-2019-25278
CVE.ORG link : CVE-2019-25278
JSON object : View
Products Affected
iwt
- facesentry_access_control_system
- facesentry_access_control_system_firmware
CWE
CWE-319
Cleartext Transmission of Sensitive Information