| عنوان | SA LA NACION LA NACION(app.lanacion.activity) 10.2.25 WebSocket Credential Leak |
|---|
| الوصف | The Android application app.lanacion.activity version 10.2.25 contains a hardcoded WebSocket API key in source/app/lanacion/clublanacion/BuildConfig.java. An attacker can extract this key via reverse engineering and use it to authenticate to the WebSocket endpoint. This allows the attacker to establish numerous concurrent connections from multiple sources, potentially launching a distributed denial‑of‑service (DDoS) attack that exhausts server resources. |
|---|
| المصدر | ⚠️ https://www.notion.so/WebSocket-Credential-Leak-Leading-to-Potential-DDoS-Attacks-in-app-lanacion-activity-3192de3f97fb80f8add6c2247abeb4eb?source=copy_link |
|---|
| المستخدم | fxizenta (UID 28116) |
|---|
| ارسال | 04/03/2026 04:04 PM (2 أشهر منذ) |
|---|
| الاعتدال | 15/03/2026 09:48 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 351185 [La Nacion App 10.2.25 على Android app.lanacion.activity BuildConfig.java API_KEY_WEBSOCKET_CV تجاوز الصلاحيات] |
|---|
| النقاط | 17 |
|---|