This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote host is running a web server that is affected by multiple
The remote host is running a version of Tridium Niagara AX Web Server
that is affected by multiple vulnerabilities :
- A directory traversal vulnerability exists that allows
access to a file that stores login usernames and
- The system insecurely stores user authentication
credentials in 'config.bog'. (CVE-2012-4028)
- Usernames and passwords are stored in plaintext via
Base64 encoding in client side cookies. (CVE-2012-3025)
- The software generates predictable session IDs.
See also :
Apply the applicable security patch per the vendor's advisory.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.9
Public Exploit Available : true
Nessus Plugin ID: 67144 ()
Bugtraq ID: 54454550426174061741
CVE ID: CVE-2012-3024CVE-2012-3025CVE-2012-4027CVE-2012-4028
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.