2 matches found
CVE-2015-2847
Honeywell Tuxedo Touch Controller (prior to 5.2.19.0_VA) is affected by CVE-2015-2847 due to client-side authentication performed in JavaScript. By intercepting and dropping USERACCT=… requests from the client-server data stream, a remote attacker can bypass authentication and access restricted p...
Honeywell Tuxedo Touch Controller contains multiple vulnerabilities
Overview All versions of Honeywell Tuxedo Touch Controller are vulnerable to authentication bypass and cross-site request forgery CSRF. Description CWE-603: Use of Client-Side Authentication - CVE-2015-2847The Honeywell Tuxedo Touch Controller web interface uses JavaScript to check for client...