8000 Critical Vulnerability in react-native-keys Exposes API Keys · Issue #93 · numandev1/react-native-keys · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Critical Vulnerability in react-native-keys Exposes API Keys #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ch3tanbug opened this issue Jan 31, 2025 · 3 comments
Open

Critical Vulnerability in react-native-keys Exposes API Keys #93

ch3tanbug opened this issue Jan 31, 2025 · 3 comments

Comments

@ch3tanbug
Copy link
8000

Description:
A critical security vulnerability has been identified in the react-native-keys library (v1.x), which claims to securely store API keys by encrypting and embedding them in native code. However, due to weak cryptographic practices, an attacker can easily extract and decrypt API keys.

🔴 Impact
Attackers can extract and decrypt API keys stored via react-native-keys.
API keys used for Firebase, AWS, Stripe, and other services can be compromised, leading to unauthorized access, financial fraud, and data breaches.
The security model of the library is ineffective, providing a false sense of protection.

Please contact me for full technical details - chetanbug@duck.com
@github-actions GitHub Actions
Copy link

👋 @ch3tanbug
Thanks for opening your issue here! If you find this package useful hit the star🌟!

@aminhdev
Copy link

.

@RayKay91
Copy link

has this issue been fixed?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aminhdev @RayKay91 @ch3tanbug
0