| 제목 | INDEX Conferences & Exhibitions Organization L.L.C YWF | BPOF | APGCS 1.0.2 Authorization Credential Exposure |
|---|
| 설명 | In the Android application ae.index.apgcs version 1.0.2, hardcoded credentials (ACCESS_KEY and HASH_KEY) were discovered in the source file com/index/event/BuildConfig.java. An attacker can extract these keys through reverse engineering and directly call the authenticate_app API to obtain sensitive backend information, including but not limited to FCM server keys, SMTP passwords, Infobip API keys, Elastic email keys, Google reCAPTCHA secrets, and other internal configuration details. |
|---|
| 원천 | ⚠️ https://www.notion.so/Authorization-Credentials-in-ae-index-apgcs-Lead-to-Exposure-of-Backend-Secrets-3172de3f97fb8040bc30c5519a742251?source=copy_link |
|---|
| 사용자 | fxizenta (UID 28116) |
|---|
| 제출 | 2026. 03. 03. AM 08:39 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 15. PM 05:25 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 351143 [INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App 까지 1.0.2 켜짐 Android ae.index.apgcs BuildConfig.java ACCESS_KEY/HASH_KEY 약한 인증] |
|---|
| 포인트들 | 17 |
|---|