CVE-2023-33243

HIGH 8.1

CVSS Score

8.1

EPSS Score

0.0%

EPSS Percentile

0th

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.

Vendor	n/a
Product	n/a
Published	Jun 15, 2023
Last Updated	Dec 12, 2024

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new high vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

redteam-pentesting.de: https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses redteam-pentesting.de: https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-004/-starface-authentication-with-password-hash-possible