CVE-2019-25279

Publication date

2026-01-07 23:10:00

Family

VulnCheck

State

PUBLISHED

Description

FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the devices SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without additional authentication.