logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-33243

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-33243

Description:
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.
Last updated date:
07/03/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
07/03/2023
Reference url to background

https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-004/-starface-authentication-with-password-hash-possible

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy