PT-2024-19877 · Unknown · Android Spoon
Yoshihito Sakai · Published 2024-01-23 · Updated 2024-01-29 · CVE-2024-23453
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Android Spoon application versions 7.11.1 through 8.6.0
Description
The issue concerns the use of hard-coded credentials in the application, which could allow a local attacker to retrieve a hard-coded API key by reverse-engineering the application binary. This API key could then be used for unauthorized access to the associated service.
Recommendations
For Android Spoon application versions 7.11.1 through 8.6.0, consider removing or securely storing the hard-coded API key to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the application's binary to minimize the risk of reverse-engineering.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Android Spoon