CVE-2026-5453
Hardcoded Cryptographic Key in Rico Mobile App Module
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rico | so_vantagem_pra_investir_app | up to 4.58.32.12421 (inclusive) |
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Rico só vantagem pra investir App up to version 4.58.32.12421 on Android. It involves improper handling of the argument SEGMENT_WRITE_KEY in the file br/com/rico/mobile/di/SegmentSettingsModule.java, which leads to the use of a hard-coded cryptographic key. The vulnerability can only be exploited locally.
How can this vulnerability impact me?
The impact of this vulnerability is limited due to its low CVSS scores and the requirement for local access to exploit it. However, the use of a hard-coded cryptographic key can potentially weaken the security of cryptographic operations within the app, possibly allowing an attacker with local access to compromise some confidentiality aspects.