CVE-2020-27747

EIP tracks 1 public exploit for CVE-2020-27747. PoCs published by jet-pentest.

AI-analyzed exploit summary This repository contains a writeup describing CVE-2020-27747, a brute force vulnerability in Click Studios Passwordstate 8.9 (Build 8973) due to improper restriction of excessive authentication attempts on the mobile login page. The vulnerability allows remote attackers to brute force a 4-digit PIN code.

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account.