Vulnerabilities > CVE-2021-26833 - Incomplete Cleanup vulnerability in Timelybills 1.21.115/1.7.0
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due to insufficient cache clearing mechanisms. A threat actor can obtain sensitive user data by decoding the tokens as JWT is signed and encoded, not encrypted.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |