FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without additional authentication.
References
| Link | Resource |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/163190 | Third Party Advisory |
| https://packetstormsecurity.com/files/153501 | Exploit Third Party Advisory |
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5529.php | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
16 Jan 2026, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
15 Jan 2026, 19:36
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:iwt:facesentry_access_control_system_firmware:6.4.8:*:*:*:*:*:*:* cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:* cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.2:*:*:*:*:*:*:* cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.0:*:*:*:*:*:*:* |
|
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/163190 - Third Party Advisory | |
| References | () https://packetstormsecurity.com/files/153501 - Exploit, Third Party Advisory | |
| References | () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5529.php - Exploit, Third Party Advisory | |
| First Time |
Iwt facesentry Access Control System
Iwt Iwt facesentry Access Control System Firmware |
08 Jan 2026, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-08 00:15
Updated : 2026-01-16 19:16
NVD link : CVE-2019-25279
Mitre link : CVE-2019-25279
CVE.ORG link : CVE-2019-25279
JSON object : View
Products Affected
iwt
- facesentry_access_control_system
- facesentry_access_control_system_firmware
CWE
CWE-312
Cleartext Storage of Sensitive Information