PT-2020-15667 · Playground Sessions · Playground Sessions

Nathunandwani · Published 2020-11-23 · Updated 2020-12-02 · CVE-2020-24227

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Playground Sessions versions 2.5.582 and earlier

Description

The issue allows anyone with access to UserProfiles.sol to extract the email and password because user credentials are stored in plain text. This affects Playground Sessions for Windows, where the vulnerable file is located at C:\Users\<username>\AppData\Roaming\Playground\Local Store\#SharedObjects\Playground.swf\UserProfiles.sol.

Recommendations

For versions 2.5.582 and earlier, consider removing or securing access to the UserProfiles.sol file to prevent unauthorized extraction of user credentials until a patch is available. As a temporary workaround, restrict access to the UserProfiles.sol file to minimize the risk of exploitation. Avoid using the email and password variables in the affected storage mechanism until the issue is resolved.
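
One way to apply the "restrict access" workaround on a Windows host, as an added example that is not part of the original advisory or the vendor's code. It assumes the file sits under each profile folder at the relative path from the description; the `-Fix` switch and variable names are illustrative.

```powershell
# Added example: audit, and with -Fix tighten, the ACL on UserProfiles.sol
# for every local user profile. Run from an elevated prompt so that other
# users' profile folders are readable.
param([switch]$Fix)

# Assumption: path relative to each profile folder, per the advisory description.
$relative = 'AppData\Roaming\Playground\Local Store\#SharedObjects\Playground.swf\UserProfiles.sol'
$system   = 'S-1-5-18'       # well-known SID: NT AUTHORITY\SYSTEM
$admins   = 'S-1-5-32-544'   # well-known SID: BUILTIN\Administrators
$sidType  = [System.Security.Principal.SecurityIdentifier]

Get-CimInstance -ClassName Win32_UserProfile | Where-Object { -not $_.Special } | ForEach-Object {
    $ownerSid = $_.SID
    $file     = Join-Path -Path $_.LocalPath -ChildPath $relative
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { return }

    $allowed = @($ownerSid, $system, $admins)
    $rules   = (Get-Acl -LiteralPath $file).GetAccessRules($true, $true, $sidType)

    # Report every Allow entry held by a principal outside the expected set.
    $rules |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -notin $allowed } |
        ForEach-Object {
            [pscustomobject]@{
                File   = $file
                Sid    = $_.IdentityReference.Value
                Rights = $_.FileSystemRights
            }
        }

    if ($Fix) {
        # Drop explicit entries, then remove inherited ones and grant access
        # only to the profile owner, SYSTEM and Administrators.
        icacls $file /reset | Out-Null
        icacls $file /inheritance:r /grant:r "*${ownerSid}:(M)" "*${system}:(F)" "*${admins}:(F)" | Out-Null
    }
}
```

Tightening the ACL only limits other accounts: the credentials stay readable to anything running as the profile owner, so this remains the temporary workaround the recommendations describe.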

Exploit

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-24227

Affected Products

Playground Sessions