La Nacion App WebSocket Credential Leak Vulnerability in Android
Vulnerability
A vulnerability exists in La Nacion App version 10.2.25 for Android, specifically within the app.lanacion.activity component. The issue arises from a hardcoded WebSocket API key in the BuildConfig.java file. Because the key is stored unprotected in the application package, it can be extracted through reverse engineering. Once obtained, the key can be used to authenticate with the WebSocket endpoint, potentially leading to a distributed denial-of-service (DDoS) attack by establishing multiple concurrent connections and exhausting server resources.
Impact
Exploitation of this vulnerability allows for the extraction of a WebSocket API key, which can be used to authenticate with the WebSocket endpoint. This could enable an attacker to launch a distributed denial-of-service (DDoS) attack, exhausting server resources by establishing numerous concurrent connections from multiple sources.
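A build-time check for the condition described above, as an added example (not code from the app or from this advisory): it scans a generated or decompiled BuildConfig.java for String constants that look like embedded credentials. The sample file, its field names and values, the name-hint list and the thresholds are constructed assumptions.

```python
import math
import re

# Constant declarations as emitted into a generated BuildConfig.java:
#   public static final String NAME = "value";
FIELD_RE = re.compile(
    r'public\s+static\s+final\s+String\s+(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"\s*;'
)
# Assumed name hints that suggest a credential; tune per project.
NAME_HINT_RE = re.compile(r"(KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)", re.I)
# Generated fields that are expected to hold plain, non-secret strings.
BENIGN_FIELDS = {"APPLICATION_ID", "BUILD_TYPE", "FLAVOR", "VERSION_NAME"}


def shannon_entropy(value: str) -> float:
    """Bits per character; random keys score well above dictionary words."""
    if not value:
        return 0.0
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def find_embedded_secrets(java_source: str, min_len: int = 16, min_entropy: float = 4.0):
    """Return (field, reason) pairs for String constants that look like credentials."""
    findings = []
    for name, value in FIELD_RE.findall(java_source):
        if name in BENIGN_FIELDS:
            continue
        looks_random = len(value) >= min_len and shannon_entropy(value) >= min_entropy
        if NAME_HINT_RE.search(name) and value:
            findings.append((name, "credential-like field name"))
        elif looks_random and "://" not in value:  # URLs are long but not secrets
            findings.append((name, "long high-entropy literal"))
    return findings


# Constructed sample: every field name and value below is invented for illustration.
SAMPLE_BUILD_CONFIG = '''
public final class BuildConfig {
  public static final String APPLICATION_ID = "com.example.news";
  public static final String VERSION_NAME = "1.0.0";
  public static final String WS_API_KEY = "EXAMPLE-0000-PLACEHOLDER-KEY";
  public static final String FEED_ENDPOINT = "wss://feed.example.invalid/v1";
  public static final String SOCKET_AUTH = "q7Zp2Lk9Xw4Rt8Vb1Nc6Ym3H";
}
'''

if __name__ == "__main__":
    print(find_embedded_secrets(SAMPLE_BUILD_CONFIG))
```

Run against the release build's BuildConfig.java in CI, a non-empty result means a credential would ship inside the APK, where renaming the field (as with SOCKET_AUTH in the sample) does not hide it from the entropy check.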
