Vulnerabilities > CVE-2017-3215 - Insufficient Session Expiration vulnerability in Milwaukee One-Key

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

milwaukee

CWE-613

NVD

Published: 2017-06-20

Updated: 2019-10-09

Summary

The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions.

Vulnerable Configurations

Part	Description	Count
Application	Milwaukee Milwaukee ONE KEY *	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://duo.com/blog/bug-hunting-drilling-into-the-internet-of-things-iot