Cancel

Memono | Insecure Data Storage [IOS] | CVE-2020-11826

Feb 23, 2020 2020-02-23T11:33:00+08:00 by Fatih Çelik

1 min

Vendor: http://memono-app.com/

Version: 3.8

Vulnerability: Insecure Data Storage

CVE: CVE-2020-11826

CVSS 3.x Base Score: 7.5 HIGH

Description of the application:

Multimedia notes application for iPhone, iPad and Apple Watch.

Vulnerability:

Users can lock their notes with a password in “Memono” version 3.8. So, users need to know password to read notes. But these notes are stored in database without encryption and attacker can read the password protected notes without having the password. Notes are stored in “ZENTITY” table in “memono.sqlite” database.

Vulnerability Research

vulnerability research

This post is licensed under CC BY 4.0 by the author.

Recent Update

Missing IP Address Control in isPublic() Function Leads to SSRF Bypass PoC
Group Office CRM | Stored XSS via SVG File
Group Office CRM | SSRF
Division By Zero | Deark
NULL Pointer Dereference | Deark

Memono | Insecure Data Storage [IOS] | CVE-2020-11826

Further Reading

CMSUno 1.6.2 | RCE [Authenticated] (password.php) | CVE-2020-25557

Sentrifugo 3.2 | RCE [Authenticated] (announcements) | CVE-2020-26804

Sentrifugo 3.2 | RCE [Authenticated] (assets) | CVE-2020-26803

Trending Tags