Senza Keto & Fasting Android App Improper Access Control Vulnerability Allowing Account Takeover

Vulnerability

A vulnerability has been identified in the Senza: Keto & Fasting Android App, version 2.10.15, developed by Paul Itoi. The issue arises from improper access control in the app's user data API endpoints: the endpoints perform insufficient validation checks, so an attacker can obtain another user's authentication token and take over that account. The consequences of this vulnerability include unauthorized access to user accounts, potential privacy violations, and the possibility of misusing the platform.
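The flaw class described above (a user-data endpoint that authenticates the caller but never checks that the caller owns the requested record, and that serializes sensitive fields such as the session token) is illustrated below with a vulnerable handler beside a hardened one. This is an added example, not code from the Senza app or its developer; the user store, session store, field names and function names are constructed assumptions.

```python
# Added example (not the Senza app's code). Demonstrates object-level
# authorization on a user-data endpoint and allowlisted serialization.
# Assumptions: a session token maps to a caller user id, and the endpoint
# receives the id of the user whose data is requested.
from dataclasses import dataclass


@dataclass
class User:
    user_id: int
    email: str
    auth_token: str  # secret credential; must never be returned by this endpoint


# Constructed sample data (not real accounts or tokens).
USERS = {
    1: User(1, "alice@example.invalid", "tok-alice-SECRET"),
    2: User(2, "bob@example.invalid", "tok-bob-SECRET"),
}
# Constructed session store: session token -> authenticated user id.
SESSIONS = {"sess-alice": 1, "sess-bob": 2}

# Only these fields may ever be serialized to the client.
PUBLIC_FIELDS = ("user_id", "email")


class Unauthorized(Exception):
    """No valid session presented."""


class Forbidden(Exception):
    """Caller is authenticated but may not access the requested record."""


def get_user_data_vulnerable(requested_user_id: int, session_token: str) -> dict:
    """Vulnerable pattern: authentication only. Any logged-in caller can
    request any user id, and the whole record (token included) is returned."""
    if session_token not in SESSIONS:
        raise Unauthorized()
    user = USERS[requested_user_id]
    return vars(user).copy()  # leaks auth_token


def get_user_data_fixed(requested_user_id: int, session_token: str) -> dict:
    """Hardened pattern: authenticate, then authorize the caller against the
    record's owner, then serialize only allowlisted fields."""
    caller_id = SESSIONS.get(session_token)
    if caller_id is None:
        raise Unauthorized()
    # Object-level authorization: the caller may only read their own record.
    if caller_id != requested_user_id:
        raise Forbidden()
    user = USERS.get(requested_user_id)
    if user is None:
        # Same response as a denied request so existence is not disclosed.
        raise Forbidden()
    return {field: getattr(user, field) for field in PUBLIC_FIELDS}


if __name__ == "__main__":
    print(get_user_data_fixed(1, "sess-alice"))
    try:
        get_user_data_fixed(2, "sess-alice")
    except Forbidden:
        print("cross-account read denied")
```

The two controls are independent: the ownership check stops one account from reading another's record, and the allowlist guarantees that even a future authorization bug cannot hand out credentials, because the token is never part of the response shape.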

Impact

Exploitation of this vulnerability could result in unauthorized access to user accounts, allowing attackers to take over accounts and misuse them on the platform.

Added: Oct 30, 2025, 4:19 PM
Updated: Oct 30, 2025, 9:33 PM

Vulnerability Rating

Custom Algorithm

Metric          Score
spread          0.0
impact          1.3
exploitability  6.2
remediation     0.0
relevance       0.8
threat          0.0
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.