CVE-2020-27747

MEDIUM Year: 2020
CVSS v3 Score
6.8
Medium
CVSS v2 Score
2.1
Low
Weakness Type
CWE-307
View all →

Vulnerability Description

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account.

Related Vulnerabilities

CVE-2021-44033

MEDIUM
CVSS:6.8(Medium)

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.

CWE-3072021

CVE-2024-38888

MEDIUM
CVSS:6.8(Medium)

An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper res...

CWE-3072024

CVE-2018-19021

MEDIUM
CVSS:6.5(Medium)

A specially crafted script could bypass the authentication of a maintenance port of Emerson DeltaV DCS Versions 11.3.1, 11.3.2, 12.3.1, 13.3.1, 14.3, R5.1, R6 and prior, which may allow an attacker to...

CWE-3072018

CVE-2019-18917

MEDIUM
CVSS:6.5(Medium)

A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.

CWE-3072019

CVE-2020-28206

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of Excessive Authentication Attempts" vulnerability exists in the admin lo...

CWE-3072020

CVE-2020-29136

MEDIUM
CVSS:6.5(Medium)

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).

CWE-3072020