Vulnerability: Insecure Data Storage
CVSS 3.x Base Score: 7.5 HIGH
Description of the application:
Multimedia notes application for iPhone, iPad and Apple Watch.
Users can lock their notes with a password in “Memono” version 3.8. So, users need to know password to read notes. But these notes are stored in database without encryption and attacker can read the password protected notes without having the password. Notes are stored in “ZENTITY” table in “memono.sqlite” database.