CVE-2016-6545

CVE-2016-6545: iTrack Easy does not use session cookies to maintain sessions and POSTs the user's password over HTTPS for each request

Weakness CWE-613 · Insufficient session expiration
Published July 13, 2018
Last update August 6, 2024

What the vulnerability does

01 Description

Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64-encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.
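The contrast with the design described above, as an added example that is not iTrack Easy's code and not part of the CVE record: base64 on the passwd field is reversible by anyone who sees it, while a server-issued session token lets the password be checked once and the session expire or be revoked without a password change. `SessionStore`, `make_user`, `IDLE_TIMEOUT` and the 15-minute value are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, secrets, time

IDLE_TIMEOUT = 15 * 60  # assumed idle limit in seconds (not from the advisory)

def decode_passwd_field(passwd_b64):
    """Base64 is an encoding: anyone who sees the field recovers the password."""
    return base64.b64decode(passwd_b64).decode()

def make_user(password):
    """Build a stored credential record: (salt, PBKDF2-HMAC-SHA256 hash)."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SessionStore:
    """Server-side sessions: the password is checked once, at login."""

    def __init__(self, users):
        self.users = users   # name -> (salt, hash), as returned by make_user()
        self.sessions = {}   # token -> [user, last_seen]

    def login(self, user, password, now=None):
        now = time.time() if now is None else now
        record = self.users.get(user)
        if record is None:
            return None
        salt, stored = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(candidate, stored):
            return None
        token = secrets.token_urlsafe(32)  # random and unrelated to the password
        self.sessions[token] = [user, now]
        return token

    def validate(self, token, now=None):
        now = time.time() if now is None else now
        entry = self.sessions.get(token)
        if entry is None:
            return None
        if now - entry[1] > IDLE_TIMEOUT:  # expire idle sessions server-side
            del self.sessions[token]
            return None
        entry[1] = now
        return entry[0]

    def logout(self, token):
        """Revoke one session; the user's password is left unchanged."""
        return self.sessions.pop(token, None) is not None
```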

Key dates

02 Disclosure timeline

July 13, 2018 CVE published
August 6, 2024 Record updated