| عنوان | INDEX Conferences & Exhibitions Organization L.L.C YWF | BPOF | APGCS 1.0.2 Authorization Credential Exposure |
|---|
| الوصف | In the Android application ae.index.apgcs version 1.0.2, hardcoded credentials (ACCESS_KEY and HASH_KEY) were discovered in the source file com/index/event/BuildConfig.java. An attacker can extract these keys through reverse engineering and directly call the authenticate_app API to obtain sensitive backend information, including but not limited to FCM server keys, SMTP passwords, Infobip API keys, Elastic email keys, Google reCAPTCHA secrets, and other internal configuration details. |
|---|
| المصدر | ⚠️ https://www.notion.so/Authorization-Credentials-in-ae-index-apgcs-Lead-to-Exposure-of-Backend-Secrets-3172de3f97fb8040bc30c5519a742251?source=copy_link |
|---|
| المستخدم | fxizenta (UID 28116) |
|---|
| ارسال | 03/03/2026 08:39 AM (3 أشهر منذ) |
|---|
| الاعتدال | 15/03/2026 05:25 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 351143 [INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App حتى 1.0.2 على Android ae.index.apgcs BuildConfig.java ACCESS_KEY/HASH_KEY توثيق ضعيف] |
|---|
| النقاط | 17 |
|---|