CVE-2012-3025

2012-08-16T10:38:00
ID CVE-2012-3025
Type cve
Reporter ics-cert@hq.dhs.gov
Modified 2012-08-16T16:13:00

Description

The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network.