iWT FaceSentry Access Control System Cleartext Transmission Vulnerability Allowing Authentication Credential Interception

Vulnerability

A vulnerability in iWT FaceSentry Access Control System version 6.4.8 has been identified, allowing remote attackers to intercept authentication credentials due to cleartext transmission of sensitive information. This vulnerability enables man-in-the-middle attacks to capture HTTP cookie authentication data during network communication.

Impact

Exploitation of this vulnerability could lead to unauthorized interception of HTTP cookie authentication credentials, allowing attackers to bypass authentication mechanisms.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP request that exploits the cleartext transmission of data. This can be done using a man-in-the-middle attack technique, intercepting the network traffic between the client and the server. The captured traffic will reveal the HTTP cookies containing the authentication credentials.
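A defensive check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it audits response headers captured from a device you administer and reports authentication cookies that travel in cleartext or lack the `Secure` attribute. The header text, the cookie name `session` and the function name `audit_response` are constructed for illustration; the advisory does not name the cookie.

```python
# Added example: audit captured HTTP response headers for cookies
# that are exposed to interception. Sample data below is constructed.

def audit_response(scheme, raw_headers):
    """Return {cookie_name: [issues]} for every Set-Cookie with a problem.

    scheme      -- "http" or "https", the scheme the response was served on
    raw_headers -- raw response header text (status line plus headers)
    """
    findings = {}
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue  # status line, blank line, or unrelated header
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0].strip()
        # Attribute names are case-insensitive (Secure, HttpOnly, Path=...).
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        issues = []
        if scheme.lower() != "https":
            issues.append("issued over cleartext HTTP")
        if "secure" not in attrs:
            issues.append("missing Secure attribute")
        if "httponly" not in attrs:
            issues.append("missing HttpOnly attribute")
        if issues:
            findings[cookie_name] = issues
    return findings

# Constructed sample: a login response served over plain HTTP.
SAMPLE_CLEARTEXT = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 08 Jan 2026 00:33:00 GMT\r\n"
    "Set-Cookie: session=CONSTRUCTED-VALUE; path=/\r\n"
    "\r\n"
)

# Constructed sample: the same cookie after TLS and cookie flags are applied.
SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Set-Cookie: session=CONSTRUCTED-VALUE; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(audit_response("http", SAMPLE_CLEARTEXT))
    print(audit_response("https", SAMPLE_HARDENED))
```

An empty result for every authenticated endpoint, with the management interface reachable only over HTTPS, is the state to aim for.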

Added: Jan 8, 2026, 12:33 AM
Updated: Jan 8, 2026, 12:33 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 7.0
remediation: 0.0
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.