Subscribe via feed.

Schneider Electric Pelco VideoXpert Missing Encryption

Posted by deepcore on July 11, 2017 – 9:00 pm

Schneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the Cookie ‘auth_token’ in a communication channel that can be sniffed by unauthorized actors or arbitrarily be read from the vxcore log file directly using directory traversal attack resulting in authentication bypass / session hijacking.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.