Insecure Session Management and Password Transmission in iTrack Easy
CVE-2016-6545 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password.
Learn more about our User Device Pen Test.