Article Number: 000219712
High
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
---|---|---|---|
CVE-2023-44303 |
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688. |
7.5 |
Proprietary Code CVEs |
Description |
CVSS Base Score |
CVSS Vector String |
---|---|---|---|
CVE-2023-44303 |
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility (RVToolsPasswordEncryption.exe) and main application (RVTools.exe). A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially exploit this vulnerability, leading to the disclosure of encrypted passwords in clear text. This vulnerability is caused by an incomplete fix for CVE-2020-27688. |
7.5 |
CVEs Addressed |
Product |
Affected Versions |
Remediated Versions |
Link |
CVE-2023-44303 |
RVTools |
Versions 3.9.2 through 4.4.5
|
Version 4.5.0
|
CVEs Addressed |
Product |
Affected Versions |
Remediated Versions |
Link |
CVE-2023-44303 |
RVTools |
Versions 3.9.2 through 4.4.5
|
Version 4.5.0
|
CVE ID |
Workaround and Mitigation |
---|---|
CVE-2023-44303 |
Users using or who wish to stay on an affected version should utilize pass-through authentication. See RVTools PDF documentation (RVTools - Download | RVTools (robware.net)) for instructions on how to utilize this mechanism. |
Dell Technologies would like to thank Matthias Maes for reporting this issue to RVTools
Revision |
Date |
Description |
---|---|---|
1.0 |
2023-11-23 |
Initial Release |
Product Security Information
23 Nov 2023
Dell Security Advisory