CVE-2019-25279

🗓️ 07 Jan 2026 23:10:00Reported by VulnCheckType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 12 Views🌐 WEB

FaceSentry 6.4.8 stores credentials in cleartext in the database, exposing login data.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2019-25279	8 Jan 202601:24	–	circl
CNNVD	iWT FaceSentry Access Control System 安全漏洞	8 Jan 202600:00	–	cnnvd
Cvelist	CVE-2019-25279 FaceSentry Access Control System 6.4.8 Cleartext Password Storage Vulnerability	7 Jan 202623:10	–	cvelist
NVD	CVE-2019-25279	8 Jan 202600:15	–	nvd
OSV	CVE-2019-25279	8 Jan 202600:15	–	osv
Positive Technologies	PT-2026-1677	7 Jan 202600:00	–	ptsecurity
Vulnrichment	CVE-2019-25279 FaceSentry Access Control System 6.4.8 Cleartext Password Storage Vulnerability	7 Jan 202623:10	–	vulnrichment
Zero Science Lab	FaceSentry Access Control System 6.4.8 Cleartext Password Storage	30 Jun 201900:00	–	zeroscience

NVD

Vulners

Node

iwt facesentry_access_control_system_firmwareMatch5.7.0

iwt facesentry_access_control_system_firmwareMatch5.7.2

iwt facesentry_access_control_system_firmwareMatch6.4.8

AND

iwt facesentry_access_control_systemMatch-

[
  {
    "vendor": "iWT Ltd.",
    "product": "FaceSentry Access Control System",
    "versions": [
      {
        "version": "6.4.8 build 264",
        "status": "affected"
      },
      {
        "version": "5.7.2 build 568",
        "status": "affected"
      },
      {
        "version": "5.7.0 build 539",
        "status": "affected"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/153501
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5529.php
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/163190

Parameter	Position	Path	Description	CWE
fUserID	path	192.168.11.1/database/FaceSentryWeb.sqlite	Cleartext credentials stored in local SQLite database exposed via /database/FaceSentryWeb.sqlite	CWE-312
fUserPassword	path	192.168.11.1/database/FaceSentryWeb.sqlite	Cleartext credentials stored in local SQLite database exposed via /database/FaceSentryWeb.sqlite	CWE-312
fUserFunctionPermissionGroupID	path	192.168.11.1/database/FaceSentryWeb.sqlite	Cleartext credentials stored in local SQLite database exposed via /database/FaceSentryWeb.sqlite	CWE-312
fUserLanguage	path	192.168.11.1/database/FaceSentryWeb.sqlite	Cleartext credentials stored in local SQLite database exposed via /database/FaceSentryWeb.sqlite	CWE-312
fStatus	path	192.168.11.1/database/FaceSentryWeb.sqlite	Cleartext credentials stored in local SQLite database exposed via /database/FaceSentryWeb.sqlite	CWE-312
fUserID	path	192.168.11.1/database/insert_db.txt	SQL content in /database/insert_db.txt used to insert credentials into the database (attack vector for credential disclosure)	CWE-312
fUserFunctionPermissionGroupID	path	192.168.11.1/database/insert_db.txt	SQL content in /database/insert_db.txt used to insert credentials into the database (attack vector for credential disclosure)	CWE-312
fUserPassword	path	192.168.11.1/database/insert_db.txt	SQL content in /database/insert_db.txt used to insert credentials into the database (attack vector for credential disclosure)	CWE-312
fUserLanguage	path	192.168.11.1/database/insert_db.txt	SQL content in /database/insert_db.txt used to insert credentials into the database (attack vector for credential disclosure)	CWE-312
fStatus	path	192.168.11.1/database/insert_db.txt	SQL content in /database/insert_db.txt used to insert credentials into the database (attack vector for credential disclosure)	CWE-312

16 Jan 2026 19:16Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.17.5

CVSS 46.8

EPSS0.00057

SSVC

CWE-312