In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.
References
Link | Resource |
---|---|
https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html | Issue Tracking Third Party Advisory |
https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-10-27T20:00:00
Updated: 2017-10-27T19:57:01
Reserved: 2017-10-18T00:00:00
Link: CVE-2017-15581
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-10-27T20:29:00.857
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-15581
JSON object: View
Redhat Information
No data.
CWE