CVE-2022-38117 MEDIUM

CVE-2022-38117: Juiker app - Hard-coded Credentials

Vendor: Juiker
Product: Juiker app
Weakness: CWE-798 · Hardcoded credentials
Published: October 24, 2022
Last update: May 7, 2025

CVSS base score

5.5/10
Attack vector: Physical
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

The Juiker app hard-codes its AES key in its source code. A physical attacker who has obtained root privileges on the Android device can use the AES key to decrypt users' ciphertext and tamper with it.

Key dates

02 Disclosure timeline

October 24, 2022: CVE published
May 7, 2025: Record updated