CVE-2024-32988
📋 TL;DR
The OfferBox mobile applications for Android and iOS use a hard-coded secret key for JSON Web Token (JWT) authentication. This allows attackers who reverse-engineer the app binary to forge valid authentication tokens, potentially gaining unauthorized access to user accounts and data. All users running vulnerable versions of the OfferBox app are affected.
💻 Affected Systems
- OfferBox App for Android
- OfferBox App for iOS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers forge administrative JWTs, gain full control over the application backend, access all user data, and potentially compromise connected systems.
Likely Case
Attackers create valid user JWTs to impersonate legitimate users, access personal data, and perform unauthorized actions within the application.
If Mitigated
With proper monitoring and rate limiting, unauthorized access attempts are detected and blocked, limiting data exposure.
🎯 Exploit Status
Exploitation requires reverse-engineering the app binary to extract the hard-coded key, then using standard JWT libraries to forge tokens.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android: >2.3.17, iOS: >2.6.14
Vendor Advisory: https://jvn.jp/en/jp/JVN83405304/
Restart Required: Yes
Instructions:
1. Update the OfferBox app through the official app store (Google Play Store for Android, App Store for iOS). 2. Verify the installed version is above the vulnerable ranges. 3. Restart the application after update.
🔧 Temporary Workarounds
Disable vulnerable app versions
allUninstall vulnerable versions of the OfferBox app until patched versions are available.
🧯 If You Can't Patch
- Implement server-side JWT validation with rotating keys and proper key management.
- Add additional authentication factors and monitor for anomalous token usage patterns.
🔍 How to Verify
Check if Vulnerable:
Check the app version in the app settings or app store listing. Android: Settings > Apps > OfferBox > App info. iOS: Settings > General > iPhone Storage > OfferBox.Check Version:
Not applicable for mobile apps; check via device settings.Verify Fix Applied:
Confirm the installed version is above the vulnerable ranges: Android >2.3.17, iOS >2.6.14.📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts followed by successful login with unusual token patterns
- JWTs with inconsistent signatures or timestamps
Network Indicators:
- Unusual API request patterns from single IPs using different JWTs
- JWTs that don't match expected key rotation schedules
SIEM Query:
source="application_logs" AND (event="authentication" AND result="success") AND token_signature="hardcoded_key_pattern"