← Zuruck zu CVEs
CVE-2020-27688
HIGH7.5
Beschreibung
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht11/5/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
robware:rvtools
Schwachen (CWE)
CWE-522
Referenzen
https://github.com/matthiasmaes/CVE-2020-27688(cve@mitre.org)
https://www.robware.net/rvtools/(cve@mitre.org)
https://github.com/matthiasmaes/CVE-2020-27688(af854a3a-2127-422b-91ae-364da2661108)
https://www.robware.net/rvtools/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.