Description
NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://cvewalkthrough.com/cve-2020-13473-nch-account-clear-text-password-storage/
Exploit, Third Party Advisory x_refsource_misc
https://tejaspingulkar.blogspot.com/2020/12/cve-2020-13473-nch-account-clear-text.html
Scores
CVSS v3
5.5
EPSS
0.0029
EPSS Percentile
20.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (1)
nchsoftware/express_accounts
< 8.24
Published
Dec 28, 2020
Tracked Since
Feb 18, 2026