QwikSec

Security Database

CVE

CWE

Training

CVE-2016-6545

Published: Jul 13, 2018

Modified: Aug 6, 2024

PUBLISHED

Description

Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.

Vendor	Product	Versions
iTrack	Easy	unknown `N/A`

Weaknesses (CWE)

References

third-party-advisory

x_refsource_CERT-VN

https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.