exploitDog

CVE-2020-27688

Опубликовано: 05 нояб. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.

Ссылки

https://github.com/matthiasmaes/CVE-2020-27688
Third Party Advisory
https://www.robware.net/rvtools/
Product
Vendor Advisory
https://github.com/matthiasmaes/CVE-2020-27688
Third Party Advisory
https://www.robware.net/rvtools/
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:robware:rvtools:4.0.6:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08027

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-m63f-6r3q-6w4p

github

больше 3 лет назад

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.

EPSS

Процентиль: 92%

0.08027

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522