Mark Loveless

**Name of the Vulnerable Software and Affected Versions** Milwaukee ONE-KEY Android mobile application (affected versions not specified) **Description** The issue concerns the storage of a master token in plaintext within the apk binary of the application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Milwaukee ONE-KEY Android mobile application (affected versions not specified) **Description** The issue concerns the use of bearer tokens in the Milwaukee ONE-KEY Android mobile application. These tokens have an expiration period of one year and can be combined with a `user id` to perform various user actions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.