EIP-2026-101250

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101250. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an information leakage vulnerability in Delta Controls enteliTOUCH where sensitive credentials are transmitted and stored in cleartext within HTTP cookies. The PoC includes a crafted HTTP request that retrieves a cookie containing a password and other sensitive data, which can be intercepted via a man-in-the-middle attack.

Description

Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textremotehardware

https://www.exploit-db.com/exploits/50880

View Code ZIP pw:eip

This exploit demonstrates an information leakage vulnerability in Delta Controls enteliTOUCH where sensitive credentials are transmitted and stored in cleartext within HTTP cookies. The PoC includes a crafted HTTP request that retrieves a cookie containing a password and other sensitive data, which can be intercepted via a man-in-the-middle attack.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, 3.33.4005

No auth needed

Prerequisites: Network access to the target device · Ability to intercept or capture HTTP traffic

MITRE ATT&CK

T1552 - Unsecured Credentials T1187 - Forced Authentication

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure

Exploitation Summary

Description

Exploits (1)

Details