This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote host is running a web server that is affected by multiple
The remote host is running a version of Tridium Niagara AX Web Server
that is affected by multiple vulnerabilities :
- A directory traversal vulnerability exists that allows
access to a file that stores login usernames and
- The system insecurely stores user authentication
credentials in 'config.bog'. (CVE-2012-4028)
- Usernames and passwords are stored in plaintext via
Base64 encoding in client side cookies. (CVE-2012-3025)
- The software generates predictable session IDs.
See also :
Apply the applicable security patch per the vendor's advisory.
Risk factor :
High / CVSS Base Score : 7.1
CVSS Temporal Score : 5.9
Public Exploit Available : true