CVE-2016-6545

Summary

Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.

Affected Software

VendorProductVersion RangeStatus
iTrackEasyN/Aunknown

Weaknesses

  • CWE-613: CWE-613: Insufficient Session Expiration

ADP Enrichment

CVE Program Container

Additional References

References