Getting started view has a vulnerability to remote execution with man-in-the-middle attack


    • Type: Bug
    • Resolution: Fixed
    • Priority: Urgent
    • Code Composer Studio IDE
    • CCSIDE-3879
    • CCS_9.1.0 CCS_9.0.1 CCS 9.2.0 CCS_9.0.0 CCS_8.0.0 CCS_8.1.0 CCS_10.0.0 CCS_8.2.0 CCS_9.3.0 CCS_8.3.0 CCS_10.1.0
    • CCS_10.2.0 CCS_10.1.1
    • Generic
    • Upgrading to the CCSv10.1.1 service release or the CCSv10.2.0 product release is recommended; both include fixes that close this vulnerability.

      The Getting Started View in Code Composer Studio uses an embedded browser called JxBrowser. When opened, this view automatically plays a YouTube video introducing users to the product.

      As configured, the browser did not verify the validity of HTTPS connection certificates. This weak authentication issue leaves it vulnerable to a man-in-the-middle attack, which could be exploited to perform a live action.
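
      The weak setting described above beside the corrected one, as an added example that is not code from Code Composer Studio or JxBrowser. It assumes Go's standard HTTPS client as a stand-in for the embedded browser and uses the `httptest` package's built-in test certificate, which no system trust store contains, as the certificate an untrusted endpoint would present; `acceptsUntrustedCert` is a name made up for this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// acceptsUntrustedCert starts a local HTTPS server that presents httptest's
// built-in test certificate (not present in any system trust store) and
// reports whether a client built from cfg completes a request to it.
func acceptsUntrustedCert(cfg *tls.Config) (bool, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) {
			fmt.Fprint(w, "content the client should never have loaded")
		}))
	defer srv.Close()

	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig:   cfg,
		DisableKeepAlives: true, // one request per connection, so Close returns promptly
	}}
	resp, err := client.Get(srv.URL)
	if err != nil {
		return false, err // handshake aborted: the certificate failed validation
	}
	resp.Body.Close()
	return true, nil
}

func main() {
	// Weak setting: certificate checks disabled, as in the affected view.
	weak, _ := acceptsUntrustedCert(&tls.Config{InsecureSkipVerify: true})
	fmt.Println("validation disabled, untrusted server accepted:", weak)

	// Corrected setting: default chain and host name verification.
	strict, err := acceptsUntrustedCert(&tls.Config{})
	fmt.Println("validation enabled, untrusted server accepted:", strict)
	fmt.Println("rejection reason:", err)
}
```

      The same two-case check works as a regression test for any embedded HTTPS client: the build should fail if the client ever loads content from the untrusted test server.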

            Assignee:
            TI User
            Reporter:
            TI User