Description
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.
References (2)
Issue Tracking, Third Party Advisory (x_refsource_misc): https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html
Issue Tracking, Third Party Advisory (x_refsource_misc): https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa
Scores
CVSS v3: 7.5
EPSS: 0.0075
EPSS Percentile: 73.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-311
Status: published
Products (1)
writediary/diary_with_lock: 4.72
Published: Oct 27, 2017
Tracked Since: Feb 18, 2026