Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and previous versions and MASmobile Classic iOS version 1.7.24 and previous versions which allows remote malicious users to retrieve sensitive data including customer data, security system status, and event history.