2025-10-09 20:20:00
cisa-cg
PUBLISHED
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the qs parameter used in /DownloadWeb/download.aspx. This key is shared across NIX installations. NIX 2023.3 and 2024.1 limit the use of hard-coded keys.