CVE-2023-33243

HIGH

STARFACE < 7.3.0.10 - Authentication Bypass via Password Hash

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-33243. PoCs published by RedTeam Pentesting GmbH, RedTeamPentesting.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass in STARFACE PBX by leveraging the use of password hashes instead of cleartext passwords. The PoC Python script automates the login process by calculating the required 'secret' value using the SHA512 hash of the password.

Description

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. While storing password hashes instead of cleartext passwords in an application's database generally has become best practice to protect users' passwords in case of a database compromise, this is rendered ineffective when allowing to authenticate using the password hash.

Exploits (2)

exploitdb WORKING POC

by RedTeam Pentesting GmbH · textwebappsjsp

https://www.exploit-db.com/exploits/51503

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass in STARFACE PBX by leveraging the use of password hashes instead of cleartext passwords. The PoC Python script automates the login process by calculating the required 'secret' value using the SHA512 hash of the password.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: STARFACE PBX 7.3.0.10 and earlier

No auth needed

Prerequisites: SHA512 hash of the user's password · access to the target STARFACE PBX web interface

MITRE ATT&CK

T1110.001 - Password Guessing T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by RedTeamPentesting · poc

https://github.com/RedTeamPentesting/CVE-2023-33243

View Code ZIP pw:eip

This PoC demonstrates an authentication bypass vulnerability in STARFACE by allowing login using a password hash instead of the plaintext password. It includes both web and REST API login methods.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: STARFACE (version not specified)

No auth needed

Prerequisites: Valid login ID · SHA512 password hash · Access to the target URL

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory

https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses

Exploit, Third Party Advisory

https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-004/-starface-authentication-with-password-hash-possible

Scores

CVSS v3 8.1

EPSS 0.0442

EPSS Percentile 90.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-916

Status published

Products (1)

starface/starface < 7.3.0.10

Published Jun 15, 2023

Tracked Since Feb 18, 2026