Description
Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.
References
- Third Party Advisory, VDB Entry
- Third Party Advisory
- Third Party Advisory, US Government Resource
- Third Party Advisory, VDB Entry
- Third Party Advisory
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1
cpe:2.3:a:ieasytec:itrackeasy:-:*:*:*:*:*:*:*
EPSS
Percentile: 76%
0.00996
Low
9.8 Critical
CVSS3
5 Medium
CVSS2
Weaknesses
CWE-613
CWE-384
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.