| Titel | INDEX Conferences & Exhibitions Organization L.L.C YWF | BPOF | APGCS 1.0.2 Authorization Credential Exposure |
|---|
| Beschreibung | In the Android application ae.index.apgcs version 1.0.2, hardcoded credentials (ACCESS_KEY and HASH_KEY) were discovered in the source file com/index/event/BuildConfig.java. An attacker can extract these keys through reverse engineering and directly call the authenticate_app API to obtain sensitive backend information, including but not limited to FCM server keys, SMTP passwords, Infobip API keys, Elastic email keys, Google reCAPTCHA secrets, and other internal configuration details. |
|---|
| Quelle | ⚠️ https://www.notion.so/Authorization-Credentials-in-ae-index-apgcs-Lead-to-Exposure-of-Backend-Secrets-3172de3f97fb8040bc30c5519a742251?source=copy_link |
|---|
| Benutzer | fxizenta (UID 28116) |
|---|
| Einreichung | 03.03.2026 08:39 (vor 3 Monaten) |
|---|
| Moderieren | 15.03.2026 17:25 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 351143 [INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App bis 1.0.2 auf Android ae.index.apgcs BuildConfig.java ACCESS_KEY/HASH_KEY schwache Authentisierung] |
|---|
| Punkte | 17 |
|---|