CVE-2020-37115
7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Openeclass | GUnet OpenEclass | 1.7.3 (2007) | affected |
Weaknesses
- CWE-256: Use of Hard-coded Password or Plaintext Storage of a Password
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://www.exploit-db.com/exploits/48163
- https://www.openeclass.org/
- https://download.openeclass.org/files/docs/1.7/CHANGES.txt
- https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-plaintext-password-storage
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.