What is CVE-2020-8968?

CVE-2020-8968 is a vulnerability in Parallels Remote Application Server (RAS) that allows a local attacker to retrieve certain profile passwords in clear text format.

What is the impact of CVE-2020-8968?

The confidentiality, availability, and integrity of the user's information could be compromised if an attacker successfully exploits CVE-2020-8968.

What is the severity of CVE-2020-8968?

CVE-2020-8968 has a severity rating of 7.1 (high).

Is there a fix for CVE-2020-8968?

Yes, it is recommended to update to a version of Parallels Remote Application Server (RAS) that is higher than 17.0 to mitigate the vulnerability.

Vulnerability/
CVE-2020-8968

high

CWE

255

17/12/2021

17/9/2024

CVE-2020-8968: Parallels Remote Application Server credentials management errors

Q: How can an attacker exploit CVE-2020-8968?

An attacker can exploit CVE-2020-8968 by uploading a previously stored cyphered file by Parallels RAS to retrieve the profile passwords in clear text format.

First published: Fri Dec 17 2021(Updated: )

Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password.

Credit: cve-coordination@incibe.es cve-coordination@incibe.es

Affected Software	Affected Version	How to fix
Parallels Remote Application Server	>=15.5<=17.0

Remedy

Parallels periodically publish the fixes and note patches in their knowledge base.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-8968?
CVE-2020-8968 is a vulnerability in Parallels Remote Application Server (RAS) that allows a local attacker to retrieve certain profile passwords in clear text format.
How can an attacker exploit CVE-2020-8968?
An attacker can exploit CVE-2020-8968 by uploading a previously stored cyphered file by Parallels RAS to retrieve the profile passwords in clear text format.
What is the impact of CVE-2020-8968?
The confidentiality, availability, and integrity of the user's information could be compromised if an attacker successfully exploits CVE-2020-8968.
What is the severity of CVE-2020-8968?
CVE-2020-8968 has a severity rating of 7.1 (high).
Is there a fix for CVE-2020-8968?
Yes, it is recommended to update to a version of Parallels Remote Application Server (RAS) that is higher than 17.0 to mitigate the vulnerability.

collector/nvd-index
collector/nvd-api
agent/weakness
agent/title
agent/references
agent/severity
agent/author
agent/type
agent/event
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/parallels
canonical/parallels remote application server
version/parallels remote application server/15.5
version/parallels remote application server/17.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.