Hobo AliCloud OSS credentials suffer from information leakage vulnerability
Lotus app is an investment and financial management software. There is an information leakage vulnerability in the Lotus Aliyun OSS credentials. The vulnerability is caused by credential leakage due to the use of SDK with accessKeyId and accessKeySecret built into the mobile app. An attacker can...