{
  "vuid": "VU#974055",
  "idnumber": "974055",
  "name": "iTrack Easy contains multiple vulnerabilities",
  "keywords": ["CWE-200", "CWE-799", "CWE-306", "CWE-613", "CWE-313", "cleartext", "password", "session management", "missing authentication", "IoT"],
  "overview": "iTrack Easy contains multiple vulnerabilities including sensitive information exposure and missing authentication.",
  "clean_desc": "CWE-200: Information Exposure - CVE-2016-6542\nThe iTrack device tracking ID number is the device's BLE MAC address. It can be obtained by being in range of the device.\nCWE-799: Improper Control of Interaction Frequency - CVE-2016-6543\nA captured MAC/device ID can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.\nCWE-306: Missing Authentication for Critical Function - CVE-2016-6544\ngetgps data can be modified without authentication by setting the data using the parameter cmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.\nCWE-613: Insufficient Session Expiration - CVE-2016-6545\nSession cookies are not used for maintaining valid sessions. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request.\nCWE-313: Cleartext Storage in a File or on Disk - CVE-2016-6546\nThe iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext.\nThe CVSS Score below represents CVE-2016-6544",
  "impact": "These vulnerabilities may allow an unauthenticated, remote attacker to track a user's location without their consent.",
  "resolution": "The CERT/CC is currently unaware of a practical solution to this problem.",
  "workarounds": "Use with caution\nUntil the vendor supplies a patch, the user should practice caution as to where these devices are used.",
  "sysaffected": "",
  "thanks": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.",
  "author": "This document was written by Trent Novelly.",
  "public": ["http://www.ieasytec.com/", "https://community.rapid7.com/community/infosec/blog/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities"],
  "cveids": ["CVE-2016-6542", "CVE-2016-6543", "CVE-2016-6544", "CVE-2016-6545", "CVE-2016-6546"],
  "certadvisory": "",
  "uscerttechnicalalert": null,
  "datecreated": "2016-09-09T19:47:57Z",
  "publicdate": "2016-10-25T00:00:00Z",
  "datefirstpublished": "2016-10-25T14:58:24Z",
  "dateupdated": "2016-10-25T15:13:46Z",
  "revision": 22,
  "vrda_d1_directreport": "1",
  "vrda_d1_population": "2",
  "vrda_d1_impact": "2",
  "cam_widelyknown": "0",
  "cam_exploitation": "0",
  "cam_internetinfrastructure": "0",
  "cam_population": "0",
  "cam_impact": "0",
  "cam_easeofexploitation": "0",
  "cam_attackeraccessrequired": "0",
  "cam_scorecurrent": "0",
  "cam_scorecurrentwidelyknown": "0",
  "cam_scorecurrentwidelyknownexploited": "0",
  "ipprotocol": "",
  "cvss_accessvector": "N",
  "cvss_accesscomplexity": "M",
  "cvss_authentication": null,
  "cvss_confidentialityimpact": "P",
  "cvss_integrityimpact": "P",
  "cvss_availabilityimpact": "--",
  "cvss_exploitablity": null,
  "cvss_remediationlevel": "ND",
  "cvss_reportconfidence": "ND",
  "cvss_collateraldamagepotential": "ND",
  "cvss_targetdistribution": "L",
  "cvss_securityrequirementscr": "ND",
  "cvss_securityrequirementsir": "ND",
  "cvss_securityrequirementsar": "ND",
  "cvss_basescore": "5.8",
  "cvss_basevector": "AV:N/AC:M/Au:N/C:P/I:P/A:--",
  "cvss_temporalscore": "5.8",
  "cvss_environmentalscore": "1.4401490775",
  "cvss_environmentalvector": "CDP:ND/TD:L/CR:ND/IR:ND/AR:ND",
  "metric": 0.0,
  "vulnote": null
}