CVEs-PoC/2021/CVE-2021-20748.md

### [CVE-2021-20748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20748)
![](https://img.shields.io/static/v1?label=Product&message=Retty%20App&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Retty%20App%20for%20Android%20versions%20prior%20to%204.8.13%20and%20Retty%20App%20for%20iOS%20versions%20prior%20to%204.11.14%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Hard-coded%20Credentials&color=brightgreen)

### Description

Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.

### POC

#### Reference
- https://drive.google.com/file/d/1PBYqIsK8QxEEhGJ4SEgpY7iZw3RTTDho/view

#### Github
No PoCs found on GitHub currently.