The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network.
CPE | Name | Operator | Version |
---|---|---|---|
niagara_ax | le | 3.6 |