Predictable Session IDs and Keys in Tridium Niagara AX Framework

Predictable Session IDs and Keys in Tridium Niagara AX Framework

CVE-2012-3024 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack.

Learn more about our Web Application Penetration Testing UK.