CVE-2020-24227

HIGH

Playground Sessions <2.5.582 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-24227. PoCs published by nathunandwani.

AI-analyzed exploit summary This repository documents CVE-2020-24227, an information disclosure vulnerability in Playground Sessions v2.5.582 (and earlier) for Windows, where user credentials are stored in plaintext in a local file. The README provides details on the location of the exposed credentials and includes screenshots as proof.

Description

Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password.

Exploits (1)

nomisec WRITEUP 9 stars

by nathunandwani · poc

https://github.com/nathunandwani/CVE-2020-24227

View Code ZIP pw:eip

This repository documents CVE-2020-24227, an information disclosure vulnerability in Playground Sessions v2.5.582 (and earlier) for Windows, where user credentials are stored in plaintext in a local file. The README provides details on the location of the exposed credentials and includes screenshots as proof.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Playground Sessions v2.5.582 (and earlier)

No auth needed

Prerequisites: Local access to the affected system

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/nathunandwani/CVE-2020-24227

Scores

CVSS v3 7.5

EPSS 0.0062

EPSS Percentile 70.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-522

Status published

Products (1)

playgroundsessions/playground_sessions < 2.5.582

Published Nov 23, 2020

Tracked Since Feb 18, 2026