CVE-2020-27688
CVE-2020-27688 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. RVToolsPasswordEncryption.exe in RVTools 4.0.6 lets users encrypt passwords for use in the configuration files. The encryption uses a static IV and key, so the Decrypt() method from VISKD.cs in the RVTools.exe executable can be used to decrypt the encrypted passwords. EPSS estimates a 1.92% chance of exploitation in the next 30 days.
Description
RVToolsPasswordEncryption.exe in RVTools 4.0.6 lets users encrypt passwords for use in the configuration files. The encryption uses a static IV and key, so the Decrypt() method from VISKD.cs in the RVTools.exe executable can be used to decrypt the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Robware | RVTools | 4.0.6 |
References
- https://github.com/matthiasmaes/CVE-2020-27688 (Third Party Advisory)
- https://www.robware.net/rvtools/ (Product, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
