Описание
'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered.
EPSS
Процентиль: 54%
0.00317
Низкий
7.5 High
CVSS3
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
'OfferBox' App for Android versions 2.0.0 to 2.3.17 and 'OfferBox' App for iOS versions 2.1.7 to 2.6.14 use a hard-coded secret key for JWT. Secret key for JWT may be retrieved if the application binary is reverse-engineered.
EPSS
Процентиль: 54%
0.00317
Низкий
7.5 High
CVSS3
Дефекты
CWE-798