CVE-2020-27747

MEDIUM

Clickstudios Passwordstate - Brute Force

Title source: rule

Description

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account.

Exploits (1)

nomisec WRITEUP 1 stars

by jet-pentest · poc

https://github.com/jet-pentest/CVE-2020-27747

View Code ZIP pw:eip

References (2)

Core 2

Core References

Product, Vendor Advisory x_refsource_misc

https://www.clickstudios.com.au/

Third Party Advisory x_refsource_misc

https://github.com/jet-pentest/CVE-2020-27747

Scores

CVSS v3 6.8

EPSS 0.0066

EPSS Percentile 71.3%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-307

Status published

Products (1)

clickstudios/passwordstate 8.9 build_8973

Published Oct 29, 2020

Tracked Since Feb 18, 2026