[EXT_EP-10212] Getting started view has a vulnerability to remote execution with man-in-the-middle attack - Software Issue Report (SIR)

XML

Word

Printable

Details

Type: Bug
Status: Fixed
Priority: Urgent
Resolution: Fixed

Product:
Code Composer Studio IDE
Internal ID:
CCSIDE-3879
Found In Release:

Hide
CCS_9.1.0
CCS_9.0.1
CCS 9.2.0
CCS_9.0.0
CCS_8.0.0
CCS_8.1.0
CCS_10.0.0
CCS_8.2.0
CCS_9.3.0
CCS_8.3.0
CCS_10.1.0

Show
CCS_9.1.0 CCS_9.0.1 CCS 9.2.0 CCS_9.0.0 CCS_8.0.0 CCS_8.1.0 CCS_10.0.0 CCS_8.2.0 CCS_9.3.0 CCS_8.3.0 CCS_10.1.0
Fix In Release:

Hide
CCS_10.2.0
CCS_10.1.1

Show
CCS_10.2.0 CCS_10.1.1
Affected Platform/Device:
Generic
Release Notes:
Recommended to upgrade to the CCSv10.1.1 service release or the CCSv10.2.0 product release that have fixes to close this vulnerability.

Description

The Getting Started View in Code Composer Studio uses a browser called jxbrowser. When opened this view automatically plays a YouTube video introducing users to the product.

The way the browser was configured it did not verify the validity of https connection certificates. This weak authentication issue leaves it vulnerable to a man-in-the-middle attack which could be exploited to perform a live action.

Attachments

Activity

People

Assignee:: TI User

Reporter:: TI User

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/Jan/21 7:12 AM

Updated:: 18/Jan/21 1:28 PM

Resolved:: 14/Jan/21 7:12 AM