Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2023-33243
HistoryJun 15, 2023 - 12:00 a.m.

CVE-2023-33243

2023-06-1500:00:00
mitre
www.cve.org
cve-2023-33243
redteam pentesting
sha512 hash
rest api
password storage

8.5 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.6%

JSON

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application’s database generally has become best practice to protect users’ passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.

Related

prion 1
cve 1
zdt 1
githubexploit 1
packetstorm 1
nvd 1
exploitdb 1
prion
prion
Design/Logic Flaw
2023-06-15 20:15:00
cve
cve
CVE-2023-33243
2023-06-15 20:15:09
zdt
zdt
STARFACE 7.3.0.10 Broken Authentication Exploit
2023-06-01 00:00:00
githubexploit
githubexploit
Exploit for Use of Password Hash With Insufficient Computational Effort in Starface
2023-05-26 08:32:38
packetstorm
packetstorm
STARFACE 7.3.0.10 Broken Authentication
2023-06-01 00:00:00
nvd
nvd
CVE-2023-33243
2023-06-15 20:15:09
exploitdb
exploitdb
STARFACE 7.3.0.10 - Authentication with Password Hash Possible
2023-06-04 00:00:00

8.5 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.6%

JSON
Related for CVELIST:CVE-2023-33243
prion1cve1zdt1githubexploit1packetstorm1nvd1exploitdb1