Lucene search
JpcertVULNRICHMENT:CVE-2024-32988HistoryMay 22, 2024 - 7:37 a.m.
CVE-2024-32988
2024-05-2207:37:32
jpcert
github.com
2
offerbox
android
ios
jwt
secret key
insecure
βOfferBoxβ App for Android versions 2.0.0 to 2.3.17 and βOfferBoxβ App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered.
CNA Affected
[
{
"vendor": "i-plug inc.",
"product": "'OfferBox' App for Android",
"versions": [
{
"version": "2.0.0 to 2.3.17",
"status": "affected"
}
]
},
{
"vendor": "i-plug inc.",
"product": "'OfferBox' App for iOS",
"versions": [
{
"version": "2.1.7 to 2.6.14",
"status": "affected"
}
]
}
]References
Related
cvelist
cvelist
CVE-2024-32988
2024-05-22 07:37:32
nvd
nvd
CVE-2024-32988
2024-05-22 08:15:10
jvn
jvn
JVN#83405304: "OfferBox" App uses a hard-coded secret key
2024-05-10 00:00:00
cve
cve
CVE-2024-32988
2024-05-22 08:15:10
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for VULNRICHMENT:CVE-2024-32988