PT-2024-12557 · Unknown · Masmobile Classic Ios+1

Published: 2024-03-15 · Updated: 2026-02-18 · CVE-2023-36483

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
MASmobile Classic Android versions 1.16.18 and earlier
MASmobile Classic iOS versions 1.7.24 and earlier

Description
An authorization bypass can be achieved by session ID prediction, allowing remote attackers to retrieve sensitive data including customer data, security system status, and event history.

Recommendations
For MASmobile Classic Android versions 1.16.18 and earlier, update to a version later than 1.16.18 to resolve the issue.
For MASmobile Classic iOS versions 1.7.24 and earlier, update to a version later than 1.7.24 to resolve the issue.
As a temporary workaround, consider restricting access to sensitive data until a patch is available.

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2023-36483

Affected Products

Masmobile Classic Android
Masmobile Classic Ios