Gallagher Command Centre Mobile Client Cleartext Storage of Session Token Vulnerability
Vulnerability
A vulnerability exists in the Gallagher Command Centre Mobile Client for Android and iOS, in versions prior to 9.40.123. The client stores sensitive information in cleartext, which allows an attacker with access to a logged-in operator's mobile device to extract the session token. The extracted token could then be used to gain access for a limited duration.
Impact
Exploitation of this vulnerability could lead to unauthorized access: an attacker could use the extracted session token to access the Command Centre Mobile Client on behalf of the logged-in operator, for a limited time.
