Lucene search

PRIOn knowledge basePRION:CVE-2024-23453

HistoryJan 24, 2024 - 12:15 a.m.

Hardcoded credentials

2024-01-2400:15:00

PRIOn knowledge base

www.prio-n.com

android

spoon

application

hard-coded credentials

vulnerability

api key

local attacker

reverse-engineering

access

security

nvd

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.

CPENameOperatorVersion
spoonge7.11.1
spoonle8.6.0

CPE	Name	Operator	Version
	spoon	ge	7.11.1
	spoon	le	8.6.0

References

jvn.jp/en/jp/JVN96154238/

play.google.com/store/apps/details?id=co.spoonme&hl=en_US

spoon-support.spooncast.net/jp/update