Vulnerabilities > CVE-2018-18976 - Authorization Bypass Through User-Controlled Key vulnerability in Ascensia Contour Diabetes
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before 2019-01-15. An attacker may retrieve encrypted medical information of any user of the Ascensia cloud platform by performing Direct Object References with a series of user ID values. (This information can be decrypted through a different vulnerability.)