PT-2017-14113 · Net · Writediary

Published: 2017-10-27 · Updated: 2019-10-03 · CVE-2017-15582

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: WriteDiary application version 4.72

Description: The issue concerns the use of hardcoded SecretKey and iv variables for AES parameters in the net.MCrypt component of the application. This makes it easier for attackers to obtain the cleartext of stored diary entries.

Recommendations: For version 4.72, consider updating the application to use dynamically generated keys and initialization vectors for AES encryption to prevent easy access to stored diary entries. As a temporary workaround, restrict access to the diary entries to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related identifiers

CVE-2017-15582

Affected products

Writediary