Japan Vulnerability Notes (JVN): JVN:83405304
History: May 10, 2024 - 12:00 a.m.

JVN#83405304: "OfferBox" App uses a hard-coded secret key

2024-05-10 00:00:00
Japan Vulnerability Notes
jvn.jp

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

“OfferBox” App provided by i-plug inc. uses a hard-coded secret key for JWT (CWE-321).

Impact

The hard-coded secret key for JWT may be retrieved if the application binary is reverse-engineered.

Solution

The hard-coded secret key was revoked by the developer on May 8, 2024; therefore, this vulnerability is not exploitable.
The developer has released the following updates which do not contain hard-coded secret keys:

  • “OfferBox” App for Android 3.0.0
  • “OfferBox” App for iOS 3.0.0

Products Affected

  • “OfferBox” App for Android 2.0.0 to 2.3.17
  • “OfferBox” App for iOS 2.1.7 to 2.6.14
