CVE-2020-27688

HIGH

Robware RVTools - Insufficiently Protected Credentials

Title source: rule

Description

RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. The encryption uses a static IV and key, so the Decrypt() method from VISKD.cs in the RVTools.exe executable can be used to decrypt the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.

Exploits (1)

nomisec WORKING POC 1 star
by matthiasmaes · poc
https://github.com/matthiasmaes/CVE-2020-27688

Scores

CVSS v3 7.5
EPSS 0.0803
EPSS Percentile 92.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (1)

robware/rvtools

Timeline

Published Nov 05, 2020
Tracked Since Feb 18, 2026