FOD App Hard-Coded Cryptographic Keys Vulnerability
Vulnerability
A vulnerability exists in the FOD app for Android and iOS, in versions prior to 5.2.0 on both platforms, due to the use of hard-coded cryptographic keys. The flaw may allow a local, unauthenticated attacker to retrieve these keys, which are used in processing JSON Web Token (JWT) data. The developer describes the impact as minimal, stating that under normal circumstances it is unlikely to lead to account impersonation, but the presence of these keys in the app still poses a potential risk.
Impact
The hard-coded keys could be extracted by an attacker. The developer considers this risk limited because the keys were invalidated on November 17, 2025, and communications using them are no longer possible; before that date, however, the vulnerability could still have allowed key retrieval.
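The following is an added illustration, not code from the FOD app or its developer, of the two points above: a symmetric JWT signing key that ships inside a client app lets anyone who extracts it mint tokens the server will accept, and server-side key invalidation (as the developer did on November 17, 2025) is what closes that window. The advisory does not say which JWT algorithm or key-identification scheme the app uses; this example assumes HS256 with a `kid` header naming the key, and every key value and claim in it is constructed.

```python
"""
Added example (not FOD app code). Assumes HS256 JWTs with a `kid` header;
all secrets, dates and claims below are constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional, Tuple


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, kid: str, key: bytes) -> str:
    """Mint a compact HS256 JWT. Anyone holding `key` can call this, which is
    the whole problem when `key` is compiled into a client app binary."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


class KeyRing:
    """Server-side key store. Each key may carry a retirement instant; a token
    signed with a retired key is rejected even though its signature is valid."""

    def __init__(self) -> None:
        self._keys = {}  # kid -> (secret, retired_at or None)

    def add(self, kid: str, secret: bytes, retired_at: Optional[datetime] = None) -> None:
        self._keys[kid] = (secret, retired_at)

    def retire(self, kid: str, when: datetime) -> None:
        secret, _ = self._keys[kid]
        self._keys[kid] = (secret, when)

    def verify(self, token: str, now: datetime) -> Optional[dict]:
        """Return the payload if the token is acceptable at `now`, else None."""
        try:
            h_b64, p_b64, s_b64 = token.split(".")
            header = json.loads(_b64url_decode(h_b64))
        except (ValueError, json.JSONDecodeError):
            return None
        if header.get("alg") != "HS256":
            return None  # refuse 'none' and algorithm-confusion attempts
        entry = self._keys.get(header.get("kid"))
        if entry is None:
            return None  # unknown key id
        secret, retired_at = entry
        if retired_at is not None and now >= retired_at:
            return None  # key invalidated: nothing signed with it is usable
        expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
            return None
        return json.loads(_b64url_decode(p_b64))


def demo() -> Tuple[bool, bool]:
    """Returns (accepted before retirement, accepted after retirement)."""
    # Constructed secret standing in for a key embedded in an app binary.
    embedded = b"constructed-app-embedded-secret"
    ring = KeyRing()
    ring.add("app-v1", embedded)
    # Whoever has extracted `embedded` chooses the claims in this token.
    token = sign_hs256({"sub": "user-123"}, "app-v1", embedded)
    before = ring.verify(token, datetime(2025, 11, 16, tzinfo=timezone.utc)) is not None
    # Server-side invalidation, mirroring the developer's November 17, 2025 action.
    ring.retire("app-v1", datetime(2025, 11, 17, tzinfo=timezone.utc))
    after = ring.verify(token, datetime(2025, 11, 18, tzinfo=timezone.utc)) is not None
    return before, after


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The `verify` method checks the key's retirement time before checking the signature, so a token minted with a leaked key is refused outright once the key is retired; this is why the developer's invalidation limits the exposure to the period before that date. The durable fix, which the example does not show, is to keep signing keys off the client entirely (or give the client only a public verification key) so that extracting the app yields nothing that can mint tokens.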
Remediation
Users are advised to update the FOD app to version 5.2.0 or later, which is available for both Android and iOS. The developer states that the affected versions will prompt an automatic update.
