An insecure, direct object vulnerability in hunting/fishing license retrieval function of the βFish | Hunt FLβ iOS app versions 3.8.0 and earlier allows a remote authenticated attacker to retrieve other peopleβs personal information and images of their hunting/fishing licenses.