Vulnerabilities > CVE-2023-33243 - Use of Password Hash With Insufficient Computational Effort vulnerability in Starface

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

starface

CWE-916

NVD

Published: 2023-06-15

Updated: 2023-07-03

Summary

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.

Vulnerable Configurations

Part	Description	Count
Application	Starface Starface Starface *	1

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References