High severity7.5NVD Advisory· Published Oct 27, 2017· Updated May 13, 2026

CVE-2017-15581

Description

In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.

Affected products

Writediary/Diary With Lock
cpe:2.3:a:writediary:diary_with_lock:4.72:*:*:*:*:android:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.htmlnvdIssue TrackingThird Party Advisory
gist.github.com/anonymous/603b89f864a71426042b167cab557efanvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000