Rapid7 Researcher

**Name of the Vulnerable Software and Affected Versions** Halo Home versions prior to 1.11.0 **Description** The issue allows an attacker to impersonate a legitimate user by reusing stored OAuth authentication and refresh access tokens. These tokens are stored in a clear text file, which remains until the user logs out and reboots the device. An attacker could exploit this to view and change the user's personal information in the backend cloud service, but would first need to gain physical control of the Android device or compromise it with a malicious app. **Recommendations** For versions prior to 1.11.0, update to version 1.11.0 or later to resolve the issue. As a temporary workaround, consider regularly logging out of the application and rebooting the device to minimize the persistence of stored OAuth tokens. Restrict access to the device and use caution when installing applications to reduce the risk of compromise.

**Name of the Vulnerable Software and Affected Versions** BlueCats Reveal versions prior to 3.0.19 **Description** The issue allows an attacker to compromise the affected BlueCats network implementation by accessing a clear text file that stores the `username` and `password`. This file remains on the device until the user logs out or the session times out after 30 days of inactivity. To exploit this, an attacker would first need to gain physical control of the Android device or compromise it with a malicious app. **Recommendations** For versions prior to 3.0.19, update to version 3.0.19 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to prevent unauthorized physical or remote access to the Android device.

**Name of the Vulnerable Software and Affected Versions** BlueCats Reveal versions prior to 5.14 **Description** The issue allows an attacker to compromise the affected BlueCats network implementation by accessing the username and password stored in the app cache as base64 encoded strings, essentially clear text, even after the user logs out. To exploit this, an attacker would first need to gain physical control of the iOS device or compromise it with a malicious app. **Recommendations** For versions prior to 5.14, update to version 5.14 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and the BlueCats network implementation until the update can be applied.