Tags archives: encryption

Schneider Electric Pelco VideoXpert Missing Encryption

Schneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the 'auth_token' cookie. The cookie travels over a communication channel that unauthorized actors can sniff, and it can also be read directly from the vxcore log file using a directory traversal attack, resulting in authentication bypass / session hijacking.

The post Schneider Electric Pelco VideoXpert Missing Encryption appeared first on MondoUnix.