PT-2023-7270 · Rvtools · Rvtools

Matthias Maes · Published 2023-11-23 · Updated 2023-12-01 · CVE-2023-44303

CVSS v2.0

7.8 High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

RVTools versions 3.9.2 and above

Description

The issue is related to errors in cryptographic transformations, which can allow a remote attacker to gain unauthorized access to protected information. Specifically, the vulnerability in the password encryption utility and the main application can lead to the disclosure of encrypted passwords in clear text. This is caused by an incomplete fix for a previous issue.

Recommendations

For RVTools versions 3.9.2 and above, consider disabling the password encryption utility (RVToolsPasswordEncryption.exe) and restricting access to the main application (RVTools.exe) until a complete fix is available. Additionally, restrict access to stored encrypted passwords to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2023-08298
CVE-2023-44303

Affected Products

Rvtools