CVE-2020-8968 HIGH

CVE-2020-8968: Parallels Remote Application Server credentials management errors

Vendor Parallels
Product Parallels Remote Application Server (Client)
Weakness CWE-255
Published December 17, 2021
Last update September 17, 2024

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.

Key dates

02Disclosure timeline

December 17, 2021 CVE published
September 17, 2024 Record updated