CVE-2017-15582
HIGHDiary with lock 4.72 - Use of Hard-coded Credentials in AES Encryption
Title source: llmDescription
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html
Issue Tracking, Third Party Advisory x_refsource_misc
https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa
Scores
CVSS v3
7.5
EPSS
0.0109
EPSS Percentile
61.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-798
Status
published
Products (1)
writediary/diary_with_lock
4.72
Published
Oct 27, 2017
Tracked Since
Feb 18, 2026