CVE-2020-37115 | THREATINT

Description

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.

PUBLISHED Reserved 2026-02-03 | Published 2026-02-03 | Updated 2026-02-04 | Assigner VulnCheck

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

Use of Hard-coded Password or Plaintext Storage of a Password

Product status

1.7.3 (2007)

affected

Credits

emaragkos finder

References

www.exploit-db.com/exploits/48163 (ExploitDB-48163) exploit

www.openeclass.org/ (Official Vendor Homepage) product

download.openeclass.org/files/docs/1.7/CHANGES.txt (Changelog) patch

www.vulncheck.com/...ing-platform-plaintext-password-storage (VulnCheck Advisory: GUnet OpenEclass 1.7.3 E-learning platform - Plaintext Password Storage) third-party-advisory

cve.org (CVE-2020-37115)

nvd.nist.gov (CVE-2020-37115)

Download JSON