| Title | Align Technology My Invisalign (com.aligntech.myinvisalign.emea) 3.12.4 Contentful CDA Tokens Exposure |
|---|
| Description | In the Android application com.aligntech.myinvisalign.emea version 3.12.4, Contentful Delivery API credentials (space ID and CDA token) are hardcoded in the client-side code. An attacker who extracts these credentials can directly query the Contentful CDN API to read all entries from both the master (production) and release (pre-production) environments. This exposes sensitive business configurations, marketing strategies, multimedia assets, and help documentation. By analyzing this data, the attacker can gain comprehensive insights into the app's business logic, go-to-market plans, technical release roadmap, and internal knowledge base, leading to severe and multifaceted leakage of trade secrets and intellectual property. |
|---|
| Source | ⚠️ https://www.notion.so/Contentful-CDA-Tokens-Exposure-Leading-to-Unauthorized-Access-to-Master-and-Release-Environments-in--3262de3f97fb802ebd1af88e1264cb9f?source=copy_link |
|---|
| User | fxizenta (UID 28116) |
|---|
| Submitted | 2026-03-17 02:10 PM (20 days ago) |
|---|
| Moderation | 2026-04-03 12:20 AM (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 355044 [Align Technology My Invisalign App 3.12.4 on Android com.aligntech.myinvisalign.emea BuildConfig.java CDAACCESS_TOKEN weak encryption] |
|---|
| Points | 17 |
|---|