| 제목 | myAEDES myAEDES(aedes.me.beta) 1.18.4 Authorization Credential Exposure |
|---|
| 설명 | In the Android application aedes.me.beta version 1.18.4, a hardcoded EngageBay API key was discovered in the source file aedes/me/beta/utils/EngageBayUtils.java. An attacker can extract this key through reverse engineering and directly call EngageBay APIs to obtain sensitive user information, including but not limited to names, email addresses, phone numbers, app version, usage behavior (such as report generation records and tags), and other custom fields. |
|---|
| 원천 | ⚠️ https://www.notion.so/Authorization-Credential-Exposure-Leading-to-Data-Leakage-in-aedes-me-beta-app-3172de3f97fb8018abc9c25a878f5845?source=copy_link |
|---|
| 사용자 | fxizenta (UID 28116) |
|---|
| 제출 | 2026. 03. 03. AM 08:32 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 15. PM 04:19 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 351142 [myAEDES App 까지 1.18.4 켜짐 Android aedes.me.beta EngageBayUtils.java AUTH_KEY 정보 공개] |
|---|
| 포인트들 | 17 |
|---|