Expiration of Bearer Tokens in Milwaukee ONE-KEY Android App Allows Unauthorized User Actions

Expiration of Bearer Tokens in Milwaukee ONE-KEY Android App Allows Unauthorized User Actions

CVE-2017-3215 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions.

Learn more about our Cis Benchmark Audit For Google Android.