Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-27688 PoC — Robware RVTools PasswordEncryption 安全漏洞

Source
https://github.com/matthiasmaes/CVE-2020-27688
Associated Vulnerability
Title:Robware RVTools PasswordEncryption 安全漏洞 (CVE-2020-27688)
Description:Robware RVTools是Robware组织的一个虚拟机管理工具。该软件可以列出有关VM,CPU,内存,磁盘,分区,网络,软盘驱动器,CD驱动器,快照,VMware工具,资源池,群集,ESX主机,HBA,Nics,交换机,端口,分布式交换机,分布式的信息端口,服务控制台,VM内核,数据存储,多路径信息,许可证信息和运行状况检查。 RVTools 4.0.6 版本中的RVToolsPasswordEncryption.exe存在安全漏洞,该漏洞允许用户在配置文件中使用加密过的密码,该加密密码可通过De
Description
CVE-2020-27688
Readme
# CVE-2020-27688

## Introduction
RVTools is an application developed by [Robware.net](https://www.robware.net/rvtools/) and is written in .NET 4.6.1. It interacts with vSphere enviroments to extract information in a CSV or XLSX format. It can be run through an GUI or using an input CSV File in which the information is stored to connect to the vSphere environment. The password in the CSV file is encrypted using a proprietary encryption application. The encrypted password can be identified by the "\_RVTools" prefix.

## Affected versions
<= 4.0.6

## Vulnerability
The encryption is configured using a static IV and KEY, using reverse engineering techiques it is possible to extract this IV and KEY. These values can be used to decrypt the password used in the configuration files.

## POC
This repository contains the .NET code to decrypt the encrypted password using the static IV and KEY.
File Snapshot

 [4.0K]  /data/pocs/b3482cfeb041d84ca991f5469d3fefe4112c683b
├── [1.0K]  LICENSE
├── [ 897]  README.md
└── [4.0K]  RVToolDecryptor
    ├── [4.0K]  RVToolDecryptor
    │   ├── [4.0K]  bin
    │   │   └── [4.0K]  Debug
    │   │       └── [4.0K]  netcoreapp3.1
    │   │           ├── [ 415]  RVToolDecryptor.deps.json
    │   │           ├── [6.5K]  RVToolDecryptor.dll
    │   │           ├── [170K]  RVToolDecryptor.exe
    │   │           ├── [9.6K]  RVToolDecryptor.pdb
    │   │           ├── [ 179]  RVToolDecryptor.runtimeconfig.dev.json
    │   │           └── [ 146]  RVToolDecryptor.runtimeconfig.json
    │   ├── [2.7K]  Decyptor.cs
    │   ├── [4.0K]  obj
    │   │   ├── [4.0K]  Debug
    │   │   │   └── [4.0K]  netcoreapp3.1
    │   │   │       ├── [ 995]  RVToolDecryptor.AssemblyInfo.cs
    │   │   │       ├── [  41]  RVToolDecryptor.AssemblyInfoInputs.cache
    │   │   │       ├── [ 146]  RVToolDecryptor.assets.cache
    │   │   │       ├── [ 424]  RVToolDecryptor.csprojAssemblyReference.cache
    │   │   │       ├── [  41]  RVToolDecryptor.csproj.CoreCompileInputs.cache
    │   │   │       ├── [1.5K]  RVToolDecryptor.csproj.FileListAbsolute.txt
    │   │   │       ├── [6.5K]  RVToolDecryptor.dll
    │   │   │       ├── [170K]  RVToolDecryptor.exe
    │   │   │       ├── [  41]  RVToolDecryptor.genruntimeconfig.cache
    │   │   │       └── [9.6K]  RVToolDecryptor.pdb
    │   │   ├── [1.9K]  project.assets.json
    │   │   ├── [ 328]  project.nuget.cache
    │   │   ├── [2.1K]  RVToolDecryptor.csproj.nuget.dgspec.json
    │   │   ├── [1.3K]  RVToolDecryptor.csproj.nuget.g.props
    │   │   └── [ 289]  RVToolDecryptor.csproj.nuget.g.targets
    │   └── [ 170]  RVToolDecryptor.csproj
    └── [1.1K]  RVToolDecryptor.sln

8 directories, 26 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.