Unrated severity · NVD Advisory · Published Jul 13, 2018 · Updated Aug 6, 2024
iTrack Easy does not use session cookies to maintain sessions and POSTs the user's password over HTTPS for each request
CVE-2016-6545
Description
iTrack Easy does not use session cookies to maintain valid sessions. Instead, the user's password is sent on every request as a POST parameter over HTTPS, in a base64-encoded passwd field. In this implementation, a session can only be terminated when the user changes the associated password.
Affected products: 1
Patches: 0
No patches discovered yet.
References (3)
- www.kb.cert.org/vuls/id/974055 (mitre; third-party-advisory; x_refsource_CERT-VN)
- www.securityfocus.com/bid/93875 (mitre; vdb-entry; x_refsource_BID)
- blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ (mitre; x_refsource_MISC)