CVSSv3: 8.1

CVE-2023-33243

Published: 15/06/2023 Updated: 03/07/2023
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

RedTeam Pentesting discovered that the web interface of STARFACE, as well as its REST API, allows authentication using the SHA512 hash of the password instead of the cleartext password. Storing password hashes rather than cleartext passwords in an application's database has generally become best practice, so that users' passwords are protected if the database is compromised; this protection is rendered ineffective when the hash itself is accepted as a credential, since anyone who obtains the stored hash can authenticate without ever learning the password.

Vulnerable Product

starface starface

Github Repositories

PoC for login with password hash in STARFACE

Proof of Concept for Login with Password Hash in STARFACE (CVE-2023-33243). Details are described in our advisory. In the corresponding blog post, the vulnerability CVE-2023-33243 is used as an example to describe how we generally approach the analysis of authentication mechanisms and identify misconceptions we encounter during our pentest engagements.

Dependencies: Install Python