CVE-2016-6545

Name of the Vulnerable Software and Affected Versions iTrack Easy (affected versions not specified)

Description The issue concerns the session management in iTrack Easy. Specifically, session cookies are not utilized to maintain valid sessions. Instead, the user's password is transmitted as a POST parameter over HTTPS on every request, using a base64 encoded passwd field. This means that sessions can only be terminated when the user changes the associated password.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.