RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.
References
Link | Resource |
---|---|
https://github.com/matthiasmaes/CVE-2020-27688 | Third Party Advisory |
https://www.robware.net/rvtools/ | Product Vendor Advisory |
https://github.com/matthiasmaes/CVE-2020-27688 | Third Party Advisory |
https://www.robware.net/rvtools/ | Product Vendor Advisory |
Configurations
History
21 Nov 2024, 05:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/matthiasmaes/CVE-2020-27688 - Third Party Advisory | |
References | () https://www.robware.net/rvtools/ - Product, Vendor Advisory |
Information
Published : 2020-11-05 15:15
Updated : 2024-11-21 05:21
NVD link : CVE-2020-27688
Mitre link : CVE-2020-27688
CVE.ORG link : CVE-2020-27688
JSON object : View
Products Affected
robware
- rvtools
CWE
CWE-522
Insufficiently Protected Credentials