CVE-2021-20748

Summary

Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.

Affected Software

VendorProductVersion RangeStatus
Retty Inc.Retty AppRetty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14affected

Weaknesses

  • Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

References