PT-2020-18632 · Studyplus · Studyplus App For Android+1

Ryo Sato

Published

2020-11-06

Updated

2020-11-17

CVE-2020-5667

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Studyplus App for Android versions 6.3.7 and earlier Studyplus App for iOS versions 8.29.0 and earlier

Description The issue concerns the use of a hard-coded API key for an external service in the affected apps. This could allow the API key to be obtained by analyzing data within the app.

Recommendations For Studyplus App for Android versions 6.3.7 and earlier, consider removing or securely storing the hard-coded API key until a patch is available. For Studyplus App for iOS versions 8.29.0 and earlier, consider removing or securely storing the hard-coded API key until a patch is available.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2020-5667

Affected Products

Studyplus App For Android

Studyplus App For Ios

PT-2020-18632 · Studyplus · Studyplus App For Android+1

CVE-2020-5667

Weakness Enumeration

Related Identifiers

Affected Products

References · 4