CVE-2017-15582

{"id": "CVE-2017-15582", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-10-27T20:29:01.137", "references": [{"url": "https://1337sec.blogspot.de/2017/10/auditing-writediarycom-cve-2017-15581.html", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/anonymous/603b89f864a71426042b167cab557efa", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "In net.MCrypt in the \"Diary with lock\" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries."}, {"lang": "es", "value": "En net.MCrypt en la aplicaci\u00f3n \"Diary with lock\" (tambi\u00e9n conocida como WriteDiary) en su versi\u00f3n 4.72 para Android, las variables embebidas SecretKey e iv se utilizan para los par\u00e1metros AES, lo que hace que sea mas f\u00e1cil para los atacantes obtener las entradas de los diarios almacenadas en texto claro."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:writediary:diary_with_lock:4.72:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "5BB6A5D8-4DA9-4860-9FA2-AA5989508EA0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}