| Título | myAEDES myAEDES(aedes.me.beta) 1.18.4 Authorization Credential Exposure |
|---|
| Descripción | In the Android application aedes.me.beta version 1.18.4, a hardcoded EngageBay API key was discovered in the source file aedes/me/beta/utils/EngageBayUtils.java. An attacker can extract this key through reverse engineering and directly call EngageBay APIs to obtain sensitive user information, including but not limited to names, email addresses, phone numbers, app version, usage behavior (such as report generation records and tags), and other custom fields. |
|---|
| Fuente | ⚠️ https://www.notion.so/Authorization-Credential-Exposure-Leading-to-Data-Leakage-in-aedes-me-beta-app-3172de3f97fb8018abc9c25a878f5845?source=copy_link |
|---|
| Usuario | fxizenta (UID 28116) |
|---|
| Sumisión | 2026-03-03 08:32 (hace 3 meses) |
|---|
| Moderación | 2026-03-15 16:19 (12 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 351142 [myAEDES App hasta 1.18.4 en Android aedes.me.beta EngageBayUtils.java AUTH_KEY divulgación de información] |
|---|
| Puntos | 17 |
|---|