Embedded Software & Tools / EXT_EP-10212

Getting started view has a vulnerability to remote execution with man-in-the-middle attack

    Details

    • Type: Bug
    • Status: Fixed
    • Priority: Urgent
    • Resolution: Fixed
    • Product:
      Code Composer Studio IDE
    • Internal ID:
      CCSIDE-3879
    • Found In Release:
      CCS_9.1.0
      CCS_9.0.1
      CCS 9.2.0
      CCS_9.0.0
      CCS_8.0.0
      CCS_8.1.0
      CCS_10.0.0
      CCS_8.2.0
      CCS_9.3.0
      CCS_8.3.0
      CCS_10.1.0
    • Fix In Release:
      CCS_10.2.0
      CCS_10.1.1
    • Affected Platform/Device:
      Generic
    • Release Notes:
      Upgrading to the CCSv10.1.1 service release or the CCSv10.2.0 product release is recommended; both include fixes that close this vulnerability.

      Description

      The Getting Started View in Code Composer Studio uses an embedded browser called JxBrowser. When opened, this view automatically plays a YouTube video introducing users to the product.

      As configured, the browser did not verify the validity of certificates on HTTPS connections. This weak authentication issue leaves it vulnerable to a man-in-the-middle attack, which could be exploited to perform a live action.

            People

            Assignee:
            syncuser TI User
            Reporter:
            syncuser TI User