Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-33243
HistoryJun 15, 2023 - 8:15 p.m.

Design/Logic Flaw

2023-06-1520:15:00
PRIOn knowledge base
www.prio-n.com
5
redteam pentesting
starface
web interface
rest api
authentication
sha512 hash
password
cleartext password
storing password hashes
database
compromise
nvd

8.2 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.6%

JSON

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application’s database generally has become best practice to protect users’ passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.

CPENameOperatorVersion
starfacele7.3.0.10

Related

cvelist 1
packetstorm 1
githubexploit 1
cve 1
zdt 1
nvd 1
exploitdb 1
cvelist
cvelist
CVE-2023-33243
2023-06-15 00:00:00
packetstorm
packetstorm
STARFACE 7.3.0.10 Broken Authentication
2023-06-01 00:00:00
githubexploit
githubexploit
Exploit for Use of Password Hash With Insufficient Computational Effort in Starface
2023-05-26 08:32:38
cve
cve
CVE-2023-33243
2023-06-15 20:15:09
zdt
zdt
STARFACE 7.3.0.10 Broken Authentication Exploit
2023-06-01 00:00:00
nvd
nvd
CVE-2023-33243
2023-06-15 20:15:09
exploitdb
exploitdb
STARFACE 7.3.0.10 - Authentication with Password Hash Possible
2023-06-04 00:00:00

8.2 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.6%

JSON
Related for PRION:CVE-2023-33243
cvelist1packetstorm1githubexploit1cve1zdt1nvd1exploitdb1