CVE: Common Vulnerabilities and Exposures

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.

CWE 1 Total

CWE-613: CWE-613: Insufficient Session Expiration

Product Status

Versions 1 Total

Default Status: unknown

unknown

Credits

Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.

References 3 Total

kb.cert.org: VU#974055
external site
third-party-advisory
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
external site
securityfocus.com: 93875
external site
vdb-entry

Updated: 2024-08-06

This container includes required additional information provided by the CVE Program for this vulnerability.

References 3 Total

kb.cert.org: VU#974055
external site
third-party-advisoryx_transferred
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
external site
x_transferred
securityfocus.com: 93875
external site
vdb-entryx_transferred