An authorization bypass was discovered in the Carrier...
Moderate severity
Unreviewed
Published
Mar 16, 2024
to the GitHub Advisory Database
•
Updated Mar 22, 2024
Description
Published by the National Vulnerability Database
Mar 16, 2024
Published to the GitHub Advisory Database
Mar 16, 2024
Last updated
Mar 22, 2024
An authorization bypass was discovered in the Carrier MASmobile Classic application through 1.16.18 for Android, MASmobile Classic app through 1.7.24 for iOS, and MAS ASP.Net Services through 1.9. It can be achieved via session ID prediction, allowing remote attackers to retrieve sensitive data including customer data, security system status, and event history. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The affected products cannot simply be updated; they must be removed, but can be replaced by other Carrier software as explained in the Carrier advisory.
References