| Titel | myAEDES myAEDES(aedes.me.beta) 1.18.4 Authorization Credential Exposure |
|---|
| Beschreibung | In the Android application aedes.me.beta version 1.18.4, a hardcoded EngageBay API key was discovered in the source file aedes/me/beta/utils/EngageBayUtils.java. An attacker can extract this key through reverse engineering and directly call EngageBay APIs to obtain sensitive user information, including but not limited to names, email addresses, phone numbers, app version, usage behavior (such as report generation records and tags), and other custom fields. |
|---|
| Quelle | ⚠️ https://www.notion.so/Authorization-Credential-Exposure-Leading-to-Data-Leakage-in-aedes-me-beta-app-3172de3f97fb8018abc9c25a878f5845?source=copy_link |
|---|
| Benutzer | fxizenta (UID 28116) |
|---|
| Einreichung | 03.03.2026 08:32 (vor 3 Monaten) |
|---|
| Moderieren | 15.03.2026 16:19 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 351142 [myAEDES App bis 1.18.4 auf Android aedes.me.beta EngageBayUtils.java AUTH_KEY Information Disclosure] |
|---|
| Punkte | 17 |
|---|