CVE-2020-9337

MEDIUM

GolfBuddy Course Manager 1.1 - Inadequate Encryption Strength via Base64-Encoded Password Transmission

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-9337. PoCs published by 0xEmma.

AI-analyzed exploit summary The repository describes an insecure password handling vulnerability in Golf Buddy Course Manager Software Version 1.1, where passwords are transmitted via Base64 encoding, making them easily interceptable. The writeup lacks depth but provides a basic technical overview of the issue.

Description

In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.

Exploits (1)

github WRITEUP 4 stars

by 0xEmma · poc

https://github.com/0xEmma/CVEs/tree/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md

View Code ZIP pw:eip

The repository describes an insecure password handling vulnerability in Golf Buddy Course Manager Software Version 1.1, where passwords are transmitted via Base64 encoding, making them easily interceptable. The writeup lacks depth but provides a basic technical overview of the issue.

Classification

Writeup 80%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Golf Buddy Course Manager Software Version 1.1

No auth needed

Prerequisites: network monitoring capability

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5

Third Party Advisory x_refsource_misc

https://github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md

View Writeup ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0054

EPSS Percentile 41.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-326 CWE-200

Status published

Products (1)

golfbuddyglobal/course_manager 1.1

Published Feb 26, 2020

Tracked Since Feb 18, 2026