Lucene search

AttackerKBAKB:66259758-8E26-4B5C-A2D1-9124D56A701A

HistoryFeb 26, 2020 - 12:00 a.m.

CVE-2020-9337

2020-02-2600:00:00

attackerkb.com

EPSS

0.001

Percentile

28.4%

In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.

Recent assessments:

horshark at March 09, 2020 8:13pm UTC reported:

Recap

Nothing deep, passwords are sent using Base64.

Ability to monitor networking traffic during user authentification.

Possibility to retrieve and decode users’ passwords and gain access to their accounts.

rootOptional at March 09, 2020 8:02pm UTC reported:

Nothing deep, passwords are sent using Base64.

Ability to monitor networking traffic during user authentification.

Possibility to retrieve and decode users’ passwords and gain access to their accounts.

SherlockSec at March 09, 2020 8:23pm UTC reported:

Nothing deep, passwords are sent using Base64.

Ability to monitor networking traffic during user authentification.

Possibility to retrieve and decode users’ passwords and gain access to their accounts.

Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 2

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9337

github.com/0xEmma/CVEs/blob/master/CVEs/CVE-2020-9337-Golf-Buddy-Insecure-Passwords.md

help.golfbuddyglobal.com/sList.asp?searchproduct=29&searchcategory=5

EPSS

0.001

Percentile

28.4%

Related for AKB:66259758-8E26-4B5C-A2D1-9124D56A701A