In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and…
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
https://cwe.mitre.org/data/definitions/523.html →Open in CWE collection →Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
https://capec.mitre.org/data/definitions/102.html →Open in CAPEC collection →| Product | Vendor | Status |
|---|---|---|
| development_system | * | Tracked |
| edge_gateway | * | Tracked |
| gateway | * | Tracked |
| hmi_sl | * | Tracked |
| opc_server | * | Tracked |
| plchandler | * | Tracked |
| plcwinnt | * | Tracked |
| runtime_toolkit | * | Tracked |
| sp_realtime_nt | * | Tracked |
| web_server | * | Tracked |