| Título | INDEX Conferences & Exhibitions Organization L.L.C YWF | BPOF | APGCS 1.0.2 Authorization Credential Exposure |
|---|
| Descripción | In the Android application ae.index.apgcs version 1.0.2, hardcoded credentials (ACCESS_KEY and HASH_KEY) were discovered in the source file com/index/event/BuildConfig.java. An attacker can extract these keys through reverse engineering and directly call the authenticate_app API to obtain sensitive backend information, including but not limited to FCM server keys, SMTP passwords, Infobip API keys, Elastic email keys, Google reCAPTCHA secrets, and other internal configuration details. |
|---|
| Fuente | ⚠️ https://www.notion.so/Authorization-Credentials-in-ae-index-apgcs-Lead-to-Exposure-of-Backend-Secrets-3172de3f97fb8040bc30c5519a742251?source=copy_link |
|---|
| Usuario | fxizenta (UID 28116) |
|---|
| Sumisión | 2026-03-03 08:39 (hace 3 meses) |
|---|
| Moderación | 2026-03-15 17:25 (12 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 351143 [INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App hasta 1.0.2 en Android ae.index.apgcs BuildConfig.java ACCESS_KEY/HASH_KEY autenticación débil] |
|---|
| Puntos | 17 |
|---|