Unknown · Freetakserver · CVE-2022-25508
**Name of the Vulnerable Software and Affected Versions**
FreeTAKServer versions 1.9.8 through 1.9.8.4
**Description**
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large number of created routes, or to create unsafe or false routes for legitimate users. The issue affects the API endpoint "/ManageRoute/postRoute" and can be exploited by manipulating the route creation process.
**Recommendations**
For FreeTAKServer versions 1.9.8 through 1.9.8.4, update to version 1.9.8.5 to resolve the issue.
As a temporary workaround, consider restricting access to the /ManageRoute/postRoute endpoint to prevent unauthenticated attackers from exploiting the issue.
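
To spot route flooding against this endpoint while a server is still on an affected version, the following added example (not FreeTAKServer code) counts accepted POST requests to /ManageRoute/postRoute per source address in a sliding window. It assumes a combined-style access log from a reverse proxy in front of the API; the 60-second window, the threshold of 5 and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

ENDPOINT = "/ManageRoute/postRoute"  # endpoint named in the advisory
WINDOW = timedelta(seconds=60)       # assumed sliding window
THRESHOLD = 5                        # assumed max accepted POSTs per source per window

# Assumed format: "combined"-style access log written by a reverse proxy.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def route_post(line):
    """Return (ip, timestamp) if the line is an accepted POST to ENDPOINT, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST" or int(m["status"]) >= 400:
        return None
    if m["path"].split("?", 1)[0].rstrip("/") != ENDPOINT:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def flag_route_floods(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: peak POST count in any window} for sources above threshold."""
    per_ip = defaultdict(list)
    for hit in filter(None, map(route_post, lines)):
        per_ip[hit[0]].append(hit[1])
    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # drop hits older than the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged

# Constructed sample log lines (documentation address ranges, invented timestamps).
REQ = '"POST /ManageRoute/postRoute HTTP/1.1" 200 41 "-" "-"'
SAMPLE = [f"203.0.113.7 - - [12/Mar/2022:10:00:{s:02d} +0000] {REQ}" for s in range(8)] + [
    f"198.51.100.4 - - [12/Mar/2022:10:00:05 +0000] {REQ}",
    f"198.51.100.4 - - [12/Mar/2022:10:09:30 +0000] {REQ}",
    '198.51.100.4 - - [12/Mar/2022:10:09:31 +0000] "GET / HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    print(flag_route_floods(SAMPLE))
```

On a patched server or behind an access restriction, unauthenticated requests should be rejected and therefore fall outside the `status < 400` filter, so remaining hits point at sources that are still allowed to create routes.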