Client-Side Authentication Bypass in Honeywell Tuxedo Touch
CVE-2015-2847

Currently unrated

Key Information:

Vendor: Honeywell
Status: Tuxedo Touch
Vendor: CVE Published:; 26 July 2015

What is CVE-2015-2847?

Honeywell Tuxedo Touch versions prior to 5.2.19.0_VA are susceptible to a vulnerability that exploits client-side authentication via JavaScript. This security flaw enables remote attackers to bypass intended access controls by manipulating USERACCT requests in the client-server data stream, resulting in unauthorized access to protected resources.

References

http://www.kb.cert.org/vuls/id/857948

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2015
Vulnerability Reserved
Apr 3, 2015