Privilege escalation

2017-10-2720:29:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.4%

JSON

In the “Diary with lock” (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for “a personal journal of … secrets and feelings,” which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.

CPENameOperatorVersion
diary_with_lockeq4.72

CPE	Name	Operator	Version
	diary_with_lock	eq	4.72

References

1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html

gist.github.com/anonymous/603b89f864a71426042b167cab557efa