9 matches found
CVE-2023-50294
The App Settings /admin/app page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. As a result, the Secret access key for external service may be obtained by an attacker who can access the App Settings page...
CVE-2021-20748
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
"Piccoma" App uses a hard-coded API key for an external service
Overview "Piccoma" App for Android and "Piccoma" App for iOS provided by Kakao piccoma Corp. use a hard-coded API key for an external service CWE-798. Yoshihito Sakai of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...
Android App "Spoon" uses a hard-coded API key for an external service
Overview Android App "Spoon" provided by Spoon Radio Japan Inc. uses a hard-coded API key for an external service CWE-798. Yoshihito Sakai of BroadBand Security, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
CVE-2023-22429
Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials API key for an external service, which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary...
CVE-2022-35734
'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
CVE-2022-0131
Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
CVE-2021-20748
Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...
CVE-2020-5667
Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...