CVE-2023-44303

Summary

RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688.

Affected Software

VendorProductVersion RangeStatus
DellRVToolsVersions 3.9.2 through 4.4.5affected

Weaknesses

  • CWE-310: CWE-310: Cryptographic Issues

ADP Enrichment

CVE Program Container

Additional References

References