Vulnerability Details : CVE-2017-15582
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.
Products affected by CVE-2017-15582
- cpe:2.3:a:writediary:diary_with_lock:4.72:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-15582
- 0.18%: Probability of exploitation activity in the next 30 days
- ~ 54 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-15582
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2017-15582
- The product contains hard-coded credentials, such as a password or cryptographic key. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-15582
- https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa
  Auditing WriteDiary.com (CVE-2017-15581 & CVE-2017-15582) · GitHub. Issue Tracking; Third Party Advisory
- https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html
  Auditing WriteDiary.com (CVE-2017-15581 & CVE-2017-15582). Issue Tracking; Third Party Advisory