CVE-2023-44303
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688.
RVTools, versión 3.9.2 y superiores, contiene una vulnerabilidad de exposición de datos confidenciales en la utilidad de cifrado de contraseñas (RVToolsPasswordEncryption.exe) y la aplicación principal (RVTools.exe). Un atacante remoto no autenticado con acceso a contraseñas cifradas almacenadas desde el sistema de un usuario podría explotar esta vulnerabilidad, lo que llevaría a la divulgación de contraseñas cifradas en texto plano. Esta vulnerabilidad se debe a una solución incompleta para CVE-2020-27688.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-09-28 CVE Reserved
- 2023-11-24 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Robware Search vendor "Robware" | Rvtools Search vendor "Robware" for product "Rvtools" | >= 3.9.2 < 4.5.0 Search vendor "Robware" for product "Rvtools" and version " >= 3.9.2 < 4.5.0" | - |
Affected
|