How severe is CVE-2020-27688?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-27688?

This is classified as CWE-522, which is a common weakness in software security.

CVE-2020-27688

HIGH Year: 2020

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-522

View all →

Vulnerability Description

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.

CVE-2012-3823

HIGH

CVSS:7.5(High)

Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.

CWE-5222012

CVE-2012-6663

HIGH

CVSS:7.5(High)

General Electric D20ME devices are not properly configured and reveal plaintext passwords.

CWE-5222012

CVE-2013-2106

HIGH

CVSS:7.5(High)

webauth before 4.6.1 has authentication credential disclosure

CWE-5222013

CVE-2013-2672

HIGH

CVSS:7.5(High)

Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords.

CWE-5222013

CVE-2013-3313

HIGH

CVSS:7.5(High)

The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can al...

CWE-5222013

CVE-2013-3620

HIGH

CVSS:7.5(High)

Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generati...

CWE-5222013

CVE-2020-27688

Vulnerability Description

Related Vulnerabilities

CVE-2012-3823

CVE-2012-6663

CVE-2013-2106

CVE-2013-2672

CVE-2013-3313

CVE-2013-3620