8 matches found
CVE-2024-32988
'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered...
CVE-2024-32988
'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered...
CVE-2024-32988
'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered...
CVE-2024-32988
'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered...
CVE-2024-32988
The CVE covers the OfferBox Android apps (2.0.0–2.3.17) and iOS apps (2.1.7–2.6.14) that embed a hard-coded JWT secret in the binary, enabling retrieval by reverse engineering. The root cause is a hard-coded secret key used for JWT authentication, which poses confidentiality risk if extracted. Pu...
"OfferBox" App uses a hard-coded secret key
Overview "OfferBox" App provided by i-plug inc. uses a hard-coded secret key for JWT CWE-321. Yuta Yamate of Rakuten Group, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact The hard-coded secret key for...
JVN#83405304: "OfferBox" App uses a hard-coded secret key
"OfferBox" App provided by i-plug inc. uses a hard-coded secret key for JWT CWE-321. Impact The hard-coded secret key for JWT may be retrieved if the application binary is reverse-engineered. Solution The hard-coded secret key has been revoked by the developer on May 8, 2024 therefore this...
OfferBox 安全漏洞
OfferBox is a recruiting application from OfferBox, Inc. OfferBox has a security vulnerability that stems from the use of hard-coded keys...