Writediary Diary With Lock : Security vulnerabilities, CVEs

Copy

CVE-2017-15582

In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.

Max CVSS

7.5

EPSS Score

0.18%

Published

2017-10-27

Updated

2019-10-03

CVE-2017-15581

In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.

Max CVSS

7.5

EPSS Score

0.52%

Published

2017-10-27

Updated

2019-10-03

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!