The server checks the users cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system using a username and password.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
P5e_gnss_firmware | Chcnav | 4.1 (including) | 4.1 (including) |
P5e_gnss_firmware | Chcnav | 4.2 (including) | 4.2 (including) |