GUnet OpenEclass 1.7.3 E-learning platform - Plaintext Password Storage | Advisories

Advisories

GUnet OpenEclass 1.7.3 E-learning platform - Plaintext Password Storage

severity: medium
date: 2/3/2026
Affecting: GUnet OpenEclass <= 1.7.3 (2007)
CVE: CVE-2020-37115
CWE: CWE-256 Use of Hard-coded Password or Plaintext Storage of a Password
CVSS: 7.1
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-48163
Official Vendor Homepage
Changelog
Credit: emaragkos
Description: GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo