High
CVE-2020-9337
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2020-9337
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
Add Assessment
Ratings
-
Attacker ValueMedium
-
ExploitabilityMedium
Technical Analysis
Recap
Nothing deep, passwords are sent using Base64.
Requires
Ability to monitor networking traffic during user authentification.
Loot
Possibility to retrieve and decode users’ passwords and gain access to their accounts.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportRatings
-
Attacker ValueMedium
-
ExploitabilityLow
Technical Analysis
This exploit is fairly straight forward, for an actor to exploit this they would only have to intercept the networking traffic sent when a user submits their credentials for authentication. Because of the weak encoding used (Base64) it would be easy to decode and gain access to a users credentials allowing potential account takeovers.
The only difficulty is the lack of connectivity that the affected devices have.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportRatings
-
Attacker ValueHigh
-
ExploitabilityVery Low
Technical Analysis
There’s not a lot of information about this CVE, however the notice does give us some insight. This appears to me to be a simple Man-In-The-Middle attack: one that you’d be incredibly lucky to have a use for in the wild. As such, useability for this CVE is low. If kmore information comes forward regarding this CVE, I shall update my assessment accordingly.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- golfbuddyglobal
Products
- course manager 1.1
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: