CVE-2016-6546— iTrack Easy mobile application stores the user password in base-64 encoding/cleartext
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-6546
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
iTrack Easy mobile application stores the user password in base-64 encoding/cleartext
Source: NVD (National Vulnerability Database)
Vulnerability Description
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件或磁盘上的明文存储
Source: NVD (National Vulnerability Database)
Vulnerability Title
iTrack Easy 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
iTrack Easy是一款多功能蓝牙设备。该设备支持与智能手机上的应用程序连接找到丢失或放错位置的东西等。 iTrack Easy中存在信息泄露漏洞,该漏洞源于程序使用base64编码存储账户密码。本地攻击者可利用该漏洞获取明文密码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2016-6546
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-6546
请登录查看更多情报信息。
Same Patch Batch · iTrack · 2018-07-13 · 5 CVEs total
| CVE-2016-6542 | The MAC address/device tracking ID of an iTrack Easy can be obtained within range of the d | |
| CVE-2016-6543 | A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts | |
| CVE-2016-6544 | iTrack Easy's getgps data can be modified without authentication | |
| CVE-2016-6545 | iTrack Easy does not use session cookies to maintain sessions and POSTs the users password |
IV. Related Vulnerabilities
Same product: Easy
Same vendor: iTrack
Same weakness: CWE-313
- CVE-2025-4397
Medtronic MyCareLink Patient Monitor Data Encryption Weaknes - CVE-2026-6796
Sanluan PublicCMS Failed Login LoginAdminController.java log - CVE-2026-6598
langflow-ai langflow Project Creation Endpoint projects.py e - CVE-2026-5531
SourceCodester Student Result Management System HTTP GET Req - CVE-2025-64305
Columbia Weather Systems MicroServer Cleartext Storage in a
V. Comments for CVE-2016-6546
No comments yet