PT-2017-11769 · Heinekingmedia · Stashcat

Karsten König · Published 2017-08-01 · Updated 2019-10-03 · CVE-2017-11135

CVSS v3.1

7.5 High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

heinekingmedia StashCat versions 1.7.5 and earlier for Android
heinekingmedia StashCat versions 0.0.80w and earlier for Web
heinekingmedia StashCat versions 0.0.86 and earlier for Desktop

Description

The logout mechanism in the affected software does not properly check for authorization: an attacker who knows only a target's device ID can trigger a logout of that device, resulting in a denial of service. The root cause is that the client side has no way to securely signal the end of a session and request data deletion, so the server cannot verify that a logout request comes from the legitimate owner of the session.

Recommendations

For heinekingmedia StashCat versions 1.7.5 and earlier for Android, consider implementing a secure logout mechanism that checks for proper authorization.
For heinekingmedia StashCat versions 0.0.80w and earlier for Web, implement a secure way for the client side to signal the end of a session and request data deletion.
For heinekingmedia StashCat versions 0.0.86 and earlier for Desktop, modify the logout mechanism to properly verify authorization before ending a session.
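The authorization gap described above and the check the recommendations call for, as an added example that is not part of the advisory or of StashCat's code. The session store layout, the bearer-token format and the function names are assumptions made for illustration.

```python
"""Added example (not StashCat's code): a logout that accepts only a device ID,
beside a hardened version that checks authorization before ending the session.
Session store, token format and function names are assumptions for illustration.
"""
import hmac
import secrets

# Constructed sample data: which account owns each device and the bearer token
# that was issued to that device when it logged in.
SESSIONS = {
    "device-alice-1": {"account": "alice", "token": secrets.token_hex(16)},
    "device-bob-1":   {"account": "bob",   "token": secrets.token_hex(16)},
}


def fresh_store():
    """Return an independent copy of the sample sessions for each scenario."""
    return {k: dict(v) for k, v in SESSIONS.items()}


def logout_vulnerable(sessions, device_id):
    """The flawed pattern from the advisory: the request identifies the target
    only by device ID, so anyone who knows that ID can end the session.
    Returns True if a session was destroyed."""
    return sessions.pop(device_id, None) is not None


def logout_hardened(sessions, device_id, bearer_token):
    """Authorization-checked logout.

    The request must carry a token that (1) resolves to a live session and
    (2) belongs to the same account as the device being logged out. A caller
    who knows only the victim's device ID holds no such token and is refused."""
    presented = bearer_token.encode()
    caller = next((s for s in sessions.values()
                   if hmac.compare_digest(s["token"].encode(), presented)), None)
    if caller is None:
        return False                          # unauthenticated request
    target = sessions.get(device_id)
    if target is None or target["account"] != caller["account"]:
        return False                          # token owner is not device owner
    del sessions[device_id]                   # authorized: end the session
    return True
```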

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2017-11135

Affected Products

Stashcat