Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clickstudios:passwordstate:8.9:build_8973:*:*:*:*:*:*", "matchCriteriaId": "10709721-8C56-4A4C-A283-17D521836821", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Click Studios Passwordstate versi\u00f3n 8.9 (Build 8973). Si el usuario del sistema se ha asignado a s\u00ed mismo un c\u00f3digo PIN para ingresar desde un dispositivo m\u00f3vil usando el generador incorporado (de 4 d\u00edgitos), un atacante remoto tiene la oportunidad de conducir un ataque de fuerza bruta en este c\u00f3digo PIN. Como resultado, el atacante remoto recupera todas las contrase\u00f1as de otros sistemas, disponibles para una cuenta afectada"}], "id": "CVE-2020-27747", "lastModified": "2024-11-21T05:21:45.057", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-29T18:15:12.613", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/jet-pentest/CVE-2020-27747"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.clickstudios.com.au/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/jet-pentest/CVE-2020-27747"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "https://www.clickstudios.com.au/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}]}