CVE-2020-24227 Information

Description

Playground Sessions v2.5.582 (and earlier) for Windows stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/nathunandwani/CVE-2020-24227

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5