Vulnerabilities

CVE-2016-6545

by Fred · 13/07/2018

Session cookies are not used for maintaining valid sessions in iTrack Easy. The user’s password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.

Date published : 2018-07-13

http://www.securityfocus.com/bid/93875

https://www.kb.cert.org/vuls/id/974055

Similar

Tags: Cybersecurity Alert