FaceSentry Access Control System version 6.4.8 suffers from a cleartext transmission of sensitive information. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.
321b7d7377b28d3b45492a989c752ae4fca3b6fbd121f8d2c5174424bc4142a6