| Título | myAEDES myAEDES(aedes.me.beta) 1.18.4 Authorization Credential Exposure |
|---|
| Descrição | In the Android application aedes.me.beta version 1.18.4, a hardcoded EngageBay API key was discovered in the source file aedes/me/beta/utils/EngageBayUtils.java. An attacker can extract this key through reverse engineering and directly call EngageBay APIs to obtain sensitive user information, including but not limited to names, email addresses, phone numbers, app version, usage behavior (such as report generation records and tags), and other custom fields. |
|---|
| Fonte | ⚠️ https://www.notion.so/Authorization-Credential-Exposure-Leading-to-Data-Leakage-in-aedes-me-beta-app-3172de3f97fb8018abc9c25a878f5845?source=copy_link |
|---|
| Utilizador | fxizenta (UID 28116) |
|---|
| Submissão | 03/03/2026 08h32 (há 3 meses) |
|---|
| Moderação | 15/03/2026 16h19 (12 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 351142 [myAEDES App até 1.18.4 em Android aedes.me.beta EngageBayUtils.java AUTH_KEY Divulgação de Informação] |
|---|
| Pontos | 17 |
|---|