CVE-2019-25278

Sažetak

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/163192
https://packetstormsecurity.com/files/153498
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5528.php

CVSS

Base:	5.9
Impact:	3.6
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

16-01-2026 - 19:16

Objavljeno

08-01-2026 - 00:15