Uploaded image for project: 'Embedded Software & Tools'
  1. Embedded Software & Tools
  2. EXT_EP-10212

Getting started view has a vulnerability to remote execution with man-in-the-middle attack

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Urgent Urgent
    • Code Composer Studio IDE
    • CCSIDE-3879
    • Hide
      CCS_9.1.0
      CCS_9.0.1
      CCS 9.2.0
      CCS_9.0.0
      CCS_8.0.0
      CCS_8.1.0
      CCS_10.0.0
      CCS_8.2.0
      CCS_9.3.0
      CCS_8.3.0
      CCS_10.1.0
      Show
      CCS_9.1.0 CCS_9.0.1 CCS 9.2.0 CCS_9.0.0 CCS_8.0.0 CCS_8.1.0 CCS_10.0.0 CCS_8.2.0 CCS_9.3.0 CCS_8.3.0 CCS_10.1.0
    • Hide
      CCS_10.2.0
      CCS_10.1.1
      Show
      CCS_10.2.0 CCS_10.1.1
    • Generic
    • Recommended to upgrade to the CCSv10.1.1 service release or the CCSv10.2.0 product release that have fixes to close this vulnerability.

      The Getting Started View in Code Composer Studio uses a browser called jxbrowser. When opened this view automatically plays a YouTube video introducing users to the product.

      The way the browser was configured it did not verify the validity of https connection certificates. This weak authentication issue leaves it vulnerable to a man-in-the-middle attack which could be exploited to perform a live action.

            syncuser TI User
            syncuser TI User
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: