Posted by RedTeam Pentesting GmbH on Jun 01
Advisory: STARFACE: Authentication with Password Hash Possible
RedTeam Pentesting discovered that the web interface of STARFACE as well
as its REST API allows authentication using the SHA512 hash of the
password instead of the cleartext password. While storing password
hashes instead of cleartext passwords in an application’s database
has generally become best practice to protect users’ passwords in case
of a database compromise, this…
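
The equivalence described above, as an added illustration (not STARFACE code and not part of the advisory): a verifier that accepts a client-computed SHA512 value turns the stored hash itself into a login secret, while a verifier that derives the hash server-side from the submitted cleartext does not. The function names, the sample password and the PBKDF2 parameters are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 210_000  # assumed work factor for this sketch


def sha512_hex(password: str) -> str:
    """Unsalted SHA512, as stored by the weak design modelled here."""
    return hashlib.sha512(password.encode()).hexdigest()


def weak_verify(stored_hash: str, submitted: str) -> bool:
    # Weak: the client sends the hash and the server only compares it.
    # Whoever reads stored_hash from the database can log in with it.
    return hmac.compare_digest(submitted.encode(), stored_hash.encode())


def make_record(password: str) -> tuple[bytes, bytes]:
    """Hardened storage: per-user salt plus a slow, salted derivation."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key


def hardened_verify(record: tuple[bytes, bytes], submitted: str) -> bool:
    # Hardened: the server always derives the key from what was submitted,
    # so the stored value is never accepted as the secret itself.
    salt, key = record
    candidate = hashlib.pbkdf2_hmac("sha512", submitted.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, key)


def demo() -> dict[str, bool]:
    password = "correct horse battery staple"  # constructed sample value
    leaked_hash = sha512_hex(password)         # what a database dump exposes (weak design)
    record = make_record(password)
    leaked_record = record[1].hex()            # what a database dump exposes (hardened design)
    return {
        "weak_accepts_leaked_hash": weak_verify(leaked_hash, leaked_hash),
        "hardened_accepts_password": hardened_verify(record, password),
        "hardened_accepts_leaked_value": hardened_verify(record, leaked_record),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```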