CVE-2020-5667

Summary

Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.

Affected Software

VendorProductVersion RangeStatus
Studyplus Inc.Studyplus Appfor Android v6.3.7 and earlier, and for iOS v8.29.0 and earlieraffected

Weaknesses

  • Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

References