Vulnerabilities > CVE-2021-33982 - Insufficient Session Expiration vulnerability in Myfwc Fish | Hunt FL

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

myfwc

CWE-613

NVD

Published: 2021-09-08

Updated: 2021-09-15

Summary

An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions.

Vulnerable Configurations

Part	Description	Count
Application	Myfwc Myfwc Fish \| Hunt FL 1.0 Myfwc Fish \| Hunt FL 1.1 Myfwc Fish \| Hunt FL 1.2 Myfwc Fish \| Hunt FL 1.3 Myfwc Fish \| Hunt FL 2.0 Myfwc Fish \| Hunt FL 2.0.1 Myfwc Fish \| Hunt FL 2.0.2 Myfwc Fish \| Hunt FL 3.0 Myfwc Fish \| Hunt FL 3.0.1 Myfwc Fish \| Hunt FL 3.0.2 Myfwc Fish \| Hunt FL 3.0.3 Myfwc Fish \| Hunt FL 3.1.0 Myfwc Fish \| Hunt FL 3.1.1 Myfwc Fish \| Hunt FL 3.2.0 Myfwc Fish \| Hunt FL 3.3.0 Myfwc Fish \| Hunt FL 3.4.0 Myfwc Fish \| Hunt FL 3.4.1 Myfwc Fish \| Hunt FL 3.5.0 Myfwc Fish \| Hunt FL 3.5.1 Myfwc Fish \| Hunt FL 3.6.0 Myfwc Fish \| Hunt FL 3.6.1 Myfwc Fish \| Hunt FL 3.7.0 Myfwc Fish \| Hunt FL 3.8.0	23

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://gist.github.com/p4lsec/1f024d96b44ea733cdae0605c7ce8a49