Vulnerabilities > CVE-2021-33981 - Authorization Bypass Through User-Controlled Key vulnerability in Myfwc Fish | Hunt FL

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

myfwc

CWE-639

NVD

Published: 2021-09-08

Updated: 2022-05-03

Summary

An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish | Hunt FL" iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other people's personal information and images of their hunting/fishing licenses.

Vulnerable Configurations

Part	Description	Count
Application	Myfwc Myfwc Fish \| Hunt FL 1.0 Myfwc Fish \| Hunt FL 1.1 Myfwc Fish \| Hunt FL 1.2 Myfwc Fish \| Hunt FL 1.3 Myfwc Fish \| Hunt FL 2.0 Myfwc Fish \| Hunt FL 2.0.1 Myfwc Fish \| Hunt FL 2.0.2 Myfwc Fish \| Hunt FL 3.0 Myfwc Fish \| Hunt FL 3.0.1 Myfwc Fish \| Hunt FL 3.0.2 Myfwc Fish \| Hunt FL 3.0.3 Myfwc Fish \| Hunt FL 3.1.0 Myfwc Fish \| Hunt FL 3.1.1 Myfwc Fish \| Hunt FL 3.2.0 Myfwc Fish \| Hunt FL 3.3.0 Myfwc Fish \| Hunt FL 3.4.0 Myfwc Fish \| Hunt FL 3.4.1 Myfwc Fish \| Hunt FL 3.5.0 Myfwc Fish \| Hunt FL 3.5.1 Myfwc Fish \| Hunt FL 3.6.0 Myfwc Fish \| Hunt FL 3.6.1 Myfwc Fish \| Hunt FL 3.7.0 Myfwc Fish \| Hunt FL 3.8.0	23

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://gist.github.com/p4lsec/1f024d96b44ea733cdae0605c7ce8a49