CVE-2020-37115

Sažetak

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.

Reference

https://download.openeclass.org/files/docs/1.7/CHANGES.txt
https://www.exploit-db.com/exploits/48163
https://www.openeclass.org/
https://www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-plaintext-password-storage

CVSS

Base:	6.5
Impact:	3.6
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

04-02-2026 - 16:34

Objavljeno

03-02-2026 - 18:16