| タイトル | Wahoo Fitness Wahoo SYSTM(com.WahooFitness.SYSTM) 7.2.1 Segment Write Key Exposure |
|---|
| 説明 | In the Android application com.WahooFitness.SYSTM version 7.2.1 , a hardcoded Segment write key was discovered in the source file com/WahooFitness/SYSTM/BuildConfig.java. An attacker can extract this key through reverse engineering and use it to send arbitrary tracking events and modify user profiles via Segment’s API. This allows injection of fraudulent analytics data, potentially leading to corrupted business intelligence, incorrect user segmentation, and misuse of downstream systems that rely on this data. |
|---|
| ソース | ⚠️ https://www.notion.so/Segment-Write-Key-Exposure-Leading-to-Data-Injection-and-User-Profile-Manipulation-In-com-WahooFitne-3262de3f97fb8038808eed63af1a48b8?source=copy_link |
|---|
| ユーザー | fxizenta (UID 28116) |
|---|
| 送信 | 2026年03月17日 14:20 (20 日 ago) |
|---|
| モデレーション | 2026年04月03日 02:51 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 355053 [Wahoo Fitness SYSTM App 迄 7.2.1 上 Android com.WahooFitness.SYSTM BuildConfig.java SEGMENT_WRITE_KEY 弱い暗号化] |
|---|
| ポイント | 17 |
|---|