NuytsTech Security

CVE-2012-3025

by ·

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network.

Date published : 2012-08-16

http://www.tridium.com/cs/tridium_news/security_patch_36

http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf

Tags: