CVE-2026-5453
Hardcoded Cryptographic Key in Rico Mobile App Module
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rico | so_vantagem_pra_investir_app | up to 4.58.32.12421 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
| CWE-320 | Key Management Errors |
AI Powered Q&A
How can this vulnerability impact me?
The impact of this vulnerability is limited due to its low CVSS scores and the requirement for local access to exploit it. However, the use of a hard-coded cryptographic key can potentially weaken the security of cryptographic operations within the app, possibly allowing an attacker with local access to compromise some confidentiality aspects.
Can you explain this vulnerability to me?
This vulnerability exists in the Rico só vantagem pra investir App up to version 4.58.32.12421 on Android. It involves improper handling of the argument SEGMENT_WRITE_KEY in the file br/com/rico/mobile/di/SegmentSettingsModule.java, which leads to the use of a hard-coded cryptographic key. The vulnerability can only be exploited locally.