| tiêu đề | INDEX Conferences & Exhibitions Organization L.L.C YWF | BPOF | APGCS 1.0.2 Authorization Credential Exposure |
|---|
| Mô tả | In the Android application ae.index.apgcs version 1.0.2, hardcoded credentials (ACCESS_KEY and HASH_KEY) were discovered in the source file com/index/event/BuildConfig.java. An attacker can extract these keys through reverse engineering and directly call the authenticate_app API to obtain sensitive backend information, including but not limited to FCM server keys, SMTP passwords, Infobip API keys, Elastic email keys, Google reCAPTCHA secrets, and other internal configuration details. |
|---|
| Nguồn | ⚠️ https://www.notion.so/Authorization-Credentials-in-ae-index-apgcs-Lead-to-Exposure-of-Backend-Secrets-3172de3f97fb8040bc30c5519a742251?source=copy_link |
|---|
| Người dùng | fxizenta (UID 28116) |
|---|
| Đệ trình | 03/03/2026 08:39 (cách đây 3 các tháng) |
|---|
| Kiểm duyệt | 15/03/2026 17:25 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 351143 [INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App đến 1.0.2 trên Android ae.index.apgcs BuildConfig.java ACCESS_KEY/HASH_KEY xác thực yếu] |
|---|
| điểm | 17 |
|---|