‘OfferBox’ App for Android versions 2.0.0 to 2.3.17 and ‘OfferBox’ App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered.
[
{
"vendor": "i-plug inc.",
"product": "'OfferBox' App for Android",
"versions": [
{
"version": "2.0.0 to 2.3.17",
"status": "affected"
}
]
},
{
"vendor": "i-plug inc.",
"product": "'OfferBox' App for iOS",
"versions": [
{
"version": "2.1.7 to 2.6.14",
"status": "affected"
}
]
}
]