Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN96154238/ | Third Party Advisory |
https://play.google.com/store/apps/details?id=co.spoonme&hl=en_US | Product |
https://spoon-support.spooncast.net/jp/update | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2024-01-23T23:12:43.141Z
Updated: 2024-01-23T23:12:43.141Z
Reserved: 2024-01-17T07:05:36.873Z
Link: CVE-2024-23453
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-24T00:15:08.327
Modified: 2024-01-29T22:58:07.777
Link: CVE-2024-23453
JSON object: View
Redhat Information
No data.
CWE