exploitDog

CVE-2017-15582

Опубликовано: 27 окт. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.

Ссылки

https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html
Issue Tracking
Third Party Advisory
https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa
Issue Tracking
Third Party Advisory
https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html
Issue Tracking
Third Party Advisory
https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:writediary:diary_with_lock:4.72:*:*:*:*:android:*:*

EPSS

Процентиль: 45%

0.00222

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-2r5h-7mq7-4q8v

CVSS3: 7.5

github

больше 3 лет назад

In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.

EPSS

Процентиль: 45%

0.00222

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798