Client-side authentication vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA

Client-side authentication vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA

CVE-2015-2847 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

Learn more about our Cis Benchmark Audit For Server Software.