PT-2017-11767 · Heinekingmedia · Stashcat

Karsten König · Published 2017-08-01 · Updated 2017-08-07

CVE-2017-11133

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

heinekingmedia StashCat for Android, versions 1.7.5 and earlier
heinekingmedia StashCat for Web, versions 0.0.80w and earlier
heinekingmedia StashCat for Desktop, versions 0.0.86 and earlier

Description

An issue was discovered in the encryption process of heinekingmedia StashCat. The software encrypts messages with AES in CBC mode under a pseudo-random secret. However, both the secret and the IV are generated with methods that are not cryptographically strong: Math.random() directly in earlier versions, and CryptoJS.lib.WordArray.random() in newer versions, which at the time internally fell back to Math.random(). Math.random() is a non-cryptographic PRNG whose output is predictable from a small amount of observed state, so the AES key itself is drawn from a space an attacker can model rather than from OS entropy. An attacker who recovers the generator state can reconstruct the message secret and decrypt the affected messages, which is why the vector scores confidentiality as High while integrity and availability are unaffected.

Recommendations

For all three affected lines (Android 1.7.5 and earlier, Web 0.0.80w and earlier, Desktop 0.0.86 and earlier), update to a version that generates secrets and IVs from a cryptographically strong source, that is, the platform CSPRNG (for example the Web Crypto API's crypto.getRandomValues() in browsers, or the operating system random device on desktop and mobile) rather than Math.random() or any wrapper that delegates to it.

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related identifiers

CVE-2017-11133

Affected products

Stashcat