Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
STARFACE 安全漏洞
Vulnerability Description
STARFACE是STARFACE公司的一个用于数字通信的 IP 电话系统。 STARFACE 7.3.0.10及之前版本存在安全漏洞,该漏洞源于允许使用密码哈希进行身份验证。
CVSS Information
N/A
Vulnerability Type
N/A