VYPR

Diary With Lock

by Writediary

CVEs (2)

  • CVE-2017-15582HigOct 27, 2017
    risk 0.49cvss 7.5epss 0.01

    In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.

  • CVE-2017-15581HigOct 27, 2017
    risk 0.49cvss 7.5epss 0.01

    In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to…