PT-2020-1798 · Microsoft · Visual Studio

Published

2020-03-10

Updated

2020-03-17

CVE-2020-0884

CVSS v2.0

9.0

High

Vector

AV:N/AC:M/Au:N/C:C/I:P/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Visual Studio (affected versions not specified)

Description A spoofing issue exists due to an unsecured reply URL in Microsoft Visual Studio, which is not protected by SSL. This could allow a remote attacker to gain unauthorized access to sensitive information by tracking network traffic between the client and server. The vulnerability is related to the transmission of credentials in unencrypted form.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

BDU:2020-01049

CVE-2020-0884

Affected Products

Visual Studio

PT-2020-1798 · Microsoft · Visual Studio

CVE-2020-0884

Weakness Enumeration

Related Identifiers

Affected Products

References · 5