CVE-2020-37115

Summary

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.

Affected Software

VendorProductVersion RangeStatus
OpeneclassGUnet OpenEclass1.7.3 (2007)affected

Weaknesses

  • CWE-256: Use of Hard-coded Password or Plaintext Storage of a Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References