Hard-coded API Key Vulnerability in Studyplus App for Android and iOS

Hard-coded API Key Vulnerability in Studyplus App for Android and iOS

CVE-2020-5667 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.

Learn more about our Cis Benchmark Audit For Apple Ios.