iWT FaceSentry Access Control System Cleartext Password Storage Vulnerability

Vulnerability

A vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, where credentials for accessing the web interface are stored in cleartext within the device's SQLite database. Because the credentials are not encrypted, an attacker with access to the database can read the login information directly, without any additional authentication. The vulnerable database file is located at /faceGuard/database/FaceSentryWeb.sqlite.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user credentials, including usernames and passwords, stored in the unencrypted database.

Reproduction

The vulnerability can be reproduced by accessing the FaceSentryWeb.sqlite database file using SQLite. The unencrypted passwords can be extracted from the TWebUser table, which contains user credentials in cleartext.
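
The storage weakness described above is avoided by keeping only a salted, slow hash of each password. The following is an added example, not code from the advisory or the vendor: it migrates a constructed TWebUser table in an in-memory SQLite database to scrypt hashes and verifies logins against them. The column names username and password, the scrypt parameters and the sample rows are assumptions; the advisory names only the table.

```python
import hashlib, hmac, os, sqlite3

# scrypt cost parameters: constructed for this example, tune to the device's CPU and RAM.
N, R, P, DKLEN = 2**14, 8, 1, 32

def hash_password(password: str) -> str:
    """Return 'scrypt$<salt hex>$<key hex>' using a fresh random salt."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${salt.hex()}${key.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the key with the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, key_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
    except ValueError:
        return False  # not in hashed format, e.g. a leftover cleartext value
    if scheme != "scrypt":
        return False
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return hmac.compare_digest(key, expected)

def migrate(conn: sqlite3.Connection) -> int:
    """Replace each cleartext value with a salted hash; return rows converted."""
    rows = conn.execute(
        "SELECT rowid, password FROM TWebUser WHERE password NOT LIKE 'scrypt$%'"
    ).fetchall()
    with conn:  # one transaction: either every row is converted or none
        for rowid, cleartext in rows:
            conn.execute("UPDATE TWebUser SET password = ? WHERE rowid = ?",
                         (hash_password(cleartext), rowid))
    return len(rows)

def demo() -> tuple:
    """Build a constructed table, migrate it, and return (conn, rows converted)."""
    conn = sqlite3.connect(":memory:")
    # Column names are assumptions; the advisory names only the TWebUser table.
    conn.execute("CREATE TABLE TWebUser (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO TWebUser VALUES (?, ?)",
                     [("admin", "example-pass-1"), ("operator", "example-pass-2")])
    return conn, migrate(conn)

if __name__ == "__main__":
    conn, converted = demo()
    print(converted, conn.execute("SELECT * FROM TWebUser").fetchall())
```

The LIKE filter would skip a cleartext password that itself begins with "scrypt$"; a schema with a separate column recording the storage format avoids that ambiguity.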

Added: Jan 8, 2026, 12:32 AM
Updated: Jan 8, 2026, 12:32 AM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 2.5
exploitability: 9.1
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.