CVE-2016-6545

Session cookies are not used for maintaining valid sessions in iTrack Easy. The user’s password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.

No comments yet.

Leave a Reply

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 1,198,491 bad guys.