FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.