CVE-2017-15581

Name of the Vulnerable Software and Affected Versions Diary with lock (aka WriteDiary) version 4.72

Description The issue concerns the transmission of data without encryption in the Diary with lock application, which is intended for storing personal and sensitive information. This lack of encryption allows remote attackers to obtain sensitive information by sniffing the network during the execution of certain activities, such as LoginActivity or NoteActivity.

Recommendations For version 4.72, consider disabling the transmission of sensitive data over unencrypted connections as a temporary workaround until a patch is available that implements proper encryption, such as HTTPS, for data transmission. Restrict access to sensitive features like LoginActivity and NoteActivity to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.