Dietly Android App Hardcoded Credentials Vulnerability in BuildConfig.java

Vulnerability

A vulnerability in the Dietly Android app, specifically in version 1.25.0, involves hardcoded credentials that expose sensitive API keys in the BuildConfig.java file. This exposure could allow unauthorized access to critical data and services, increasing the risk of misuse.

Impact

The exposure of API keys in the BuildConfig.java file could lead to unauthorized access to sensitive data and services, allowing for potential misuse of those resources.

Reproduction

To reproduce this vulnerability, decompile the Dietly Android app version 1.25.0 and navigate to the BuildConfig.java file. The exposed API keys can be found in this file, indicating the presence of hardcoded credentials.

Added: Sep 10, 2025, 3:19 PM
Updated: Sep 10, 2025, 3:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.