RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The accounts used in the configuration files have access to vSphere instances.
References
Link | Resource |
---|---|
https://github.com/matthiasmaes/CVE-2020-27688 | Third Party Advisory |
https://www.robware.net/rvtools/ | Product Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-05T14:59:51
Updated: 2020-11-05T14:59:51
Reserved: 2020-10-23T00:00:00
Link: CVE-2020-27688
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-05T15:15:35.843
Modified: 2020-11-13T19:50:59.870
Link: CVE-2020-27688
JSON object: View
Redhat Information
No data.
CWE