| タイトル | myAEDES myAEDES(aedes.me.beta) 1.18.4 Authorization Credential Exposure |
|---|
| 説明 | In the Android application aedes.me.beta version 1.18.4, a hardcoded EngageBay API key was discovered in the source file aedes/me/beta/utils/EngageBayUtils.java. An attacker can extract this key through reverse engineering and directly call EngageBay APIs to obtain sensitive user information, including but not limited to names, email addresses, phone numbers, app version, usage behavior (such as report generation records and tags), and other custom fields. |
|---|
| ソース | ⚠️ https://www.notion.so/Authorization-Credential-Exposure-Leading-to-Data-Leakage-in-aedes-me-beta-app-3172de3f97fb8018abc9c25a878f5845?source=copy_link |
|---|
| ユーザー | fxizenta (UID 28116) |
|---|
| 送信 | 2026年03月03日 08:32 (3 月 ago) |
|---|
| モデレーション | 2026年03月15日 16:19 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 351142 [myAEDES App 迄 1.18.4 上 Android aedes.me.beta EngageBayUtils.java AUTH_KEY 情報漏えい] |
|---|
| ポイント | 17 |
|---|