RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688.
References
Link | Resource |
---|---|
https://www.dell.com/support/kbdoc/en-us/000219712/dsa-2023-426-security-update-for-rvtools-vulnerabilities | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dell
Published: 2023-11-24T02:38:09.964Z
Updated: 2023-11-24T02:38:09.964Z
Reserved: 2023-09-28T09:44:52.815Z
Link: CVE-2023-44303
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-24T03:15:07.317
Modified: 2023-12-01T20:16:07.103
Link: CVE-2023-44303
JSON object: View
Redhat Information
No data.