| Title | Shinrays Games Goods Triple - Cat Goods Sort(cats.goods.sort.sorting.games) 1.200 Exposed Cryptographic Key and IV |
|---|
| Description | In the Android application cats.goods.sort.sorting.games version 1.200 containing the class com.jh.utils.jRwTX , a hardcoded AES key and IV were discovered. Attackers can extract these static strings through reverse engineering and use them to decrypt server responses, potentially gaining access to sensitive information such as AppsFlyer attribution data. |
|---|
| Source | ⚠️ https://www.notion.so/Exposed-Cryptographic-Key-and-IV-in-cats-goods-sort-sorting-games-3262de3f97fb801499ebc3dfd56e232e?source=copy_link |
|---|
| User | fxizenta (UID 28116) |
|---|
| Submission | 03/17/2026 13:21 (18 days ago) |
|---|
| Moderation | 04/02/2026 13:46 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 354856 [Shinrays Games Goods Triple App up to 1.200 cats.goods.sort.sorting.games jRwTX.java AES_IV/AES_PASSWORD hard-coded key] |
|---|
| Points | 15 |
|---|