Search

Find a vulnerability

Search criteria

    4 vulnerabilities by writediary

    CVE-2017-15582 (GCVE-0-2017-15582)

    Vulnerability from nvd – Published: 2017-10-27 20:00 – Updated: 2024-08-05 19:57
    VLAI
    Summary
    In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-10-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:57:27.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-10-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In net.MCrypt in the \"Diary with lock\" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-27T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-15582",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In net.MCrypt in the \"Diary with lock\" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html",
                  "refsource": "MISC",
                  "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
                },
                {
                  "name": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-15582",
        "datePublished": "2017-10-27T20:00:00.000Z",
        "dateReserved": "2017-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:57:27.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15581 (GCVE-0-2017-15581)

    Vulnerability from nvd – Published: 2017-10-27 20:00 – Updated: 2024-08-05 19:57
    VLAI
    Summary
    In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-10-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:57:26.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-10-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In the \"Diary with lock\" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for \"a personal journal of ... secrets and feelings,\" which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-27T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-15581",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the \"Diary with lock\" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for \"a personal journal of ... secrets and feelings,\" which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html",
                  "refsource": "MISC",
                  "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
                },
                {
                  "name": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-15581",
        "datePublished": "2017-10-27T20:00:00.000Z",
        "dateReserved": "2017-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:57:26.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15582 (GCVE-0-2017-15582)

    Vulnerability from cvelistv5 – Published: 2017-10-27 20:00 – Updated: 2024-08-05 19:57
    VLAI
    Summary
    In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-10-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:57:27.044Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-10-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In net.MCrypt in the \"Diary with lock\" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-27T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-15582",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In net.MCrypt in the \"Diary with lock\" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html",
                  "refsource": "MISC",
                  "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
                },
                {
                  "name": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-15582",
        "datePublished": "2017-10-27T20:00:00.000Z",
        "dateReserved": "2017-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:57:27.044Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-15581 (GCVE-0-2017-15581)

    Vulnerability from cvelistv5 – Published: 2017-10-27 20:00 – Updated: 2024-08-05 19:57
    VLAI
    Summary
    In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2017-10-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T19:57:26.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-10-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In the \"Diary with lock\" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for \"a personal journal of ... secrets and feelings,\" which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-27T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-15581",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In the \"Diary with lock\" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for \"a personal journal of ... secrets and feelings,\" which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html",
                  "refsource": "MISC",
                  "url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html"
                },
                {
                  "name": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-15581",
        "datePublished": "2017-10-27T20:00:00.000Z",
        "dateReserved": "2017-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-05T19:57:26.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }