CVE-2020-11560

7.8 HIGH

📋 TL;DR

CVE-2020-11560 is a vulnerability in NCH Express Invoice 7.25 that allows local users to read cleartext passwords from the application's configuration file. This affects users of NCH Express Invoice 7.25 on Windows systems where local access to the configuration file is possible.

💻 Affected Systems

Products:
  • NCH Express Invoice
Versions: 7.25
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration where passwords are stored in cleartext in configuration files accessible to local users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with local access can steal administrative credentials, potentially leading to full system compromise, data theft, or privilege escalation.

🟠 Likely Case

Local users or malware can extract passwords, potentially compromising the application and any systems using the same credentials.

🟢 If Mitigated

With proper access controls and file permissions, the risk is limited to authorized local users only.

🌐 Internet-Facing: LOW - This requires local access to the system, not remote exploitation.
🏢 Internal Only: HIGH - Local users (including malware) can easily read the configuration file containing cleartext passwords.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local file read access. Public proof-of-concept demonstrates reading the configuration file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 7.25

Vendor Advisory: https://www.nchsoftware.com/invoice/versions.html

Restart Required: Yes

Instructions:

1. Download and install the latest version of NCH Express Invoice from the official website.
2. Restart the application.
3. Change all passwords that were stored in the vulnerable version.

🔧 Temporary Workarounds

Restrict File Permissions

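Set strict file permissions on the configuration file to prevent unauthorized local users from reading it. A deny entry for Users also applies to the account that runs Express Invoice when that account is a member of Users, so confirm the application still works after the change.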

icacls "C:\Program Files (x86)\NCH Software\ExpressInvoice\config.ini" /deny Users:R
icacls "C:\ProgramData\NCH Software\ExpressInvoice\config.ini" /deny Users:R

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to the system.
  • Monitor for unauthorized access to the configuration file using file integrity monitoring.

🔍 How to Verify

Check if Vulnerable:

Check if NCH Express Invoice version 7.25 is installed and if the configuration file contains cleartext passwords.

Check Version:

Check Help > About in the application or examine the installation directory for version information.

Verify Fix Applied:

Verify the application version is updated beyond 7.25 and that passwords are no longer stored in cleartext in configuration files.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access events to the configuration file from non-administrative users.

Network Indicators:

  • No network indicators as this is a local vulnerability.

SIEM Query:

EventID=4663 AND ObjectName LIKE '%ExpressInvoice%config.ini%' AND Accesses LIKE '%ReadData%'
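
The log indicator and SIEM query above, as an added Python example (not part of the original advisory or any vendor tooling): it filters Event ID 4663 records for ReadData access to the Express Invoice config.ini by accounts outside an allowlist. The field names are those of the 4663 event; the SIDs, user names, sample events and the allowlist itself are constructed assumptions.

```python
import re

# Same match as the page's query: ObjectName LIKE '%ExpressInvoice%config.ini%'
CONFIG_RE = re.compile(r"expressinvoice.*config\.ini", re.IGNORECASE)
FILE_READ_DATA = 0x1  # ReadData bit in the 4663 AccessMask field

DOM = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed machine SID
# Assumption: accounts expected to read the file (SYSTEM, built-in Administrator).
ADMIN_SIDS = {"S-1-5-18", DOM + "-500"}
CFG = r"C:\ProgramData\NCH Software\ExpressInvoice\config.ini"  # path from the page


def reads_config(event):
    """True if a 4663 event records ReadData access to the config file."""
    if int(event.get("EventID", 0)) != 4663:
        return False
    if not CONFIG_RE.search(event.get("ObjectName", "")):
        return False
    try:
        # AccessMask is logged as hex text, e.g. "0x1" or "0x120089".
        mask = int(event.get("AccessMask", "0"), 16)
    except ValueError:
        return False
    return bool(mask & FILE_READ_DATA)


def non_admin_reads(events, admin_sids=ADMIN_SIDS):
    """Return (user, process, path) for config reads by SIDs outside admin_sids."""
    return [
        (ev.get("SubjectUserName"), ev.get("ProcessName"), ev["ObjectName"])
        for ev in events
        if reads_config(ev) and ev.get("SubjectUserSid") not in admin_sids
    ]


def _ev(event_id, sid, user, path, mask):
    """Build one constructed sample record with 4663 field names."""
    return {"EventID": event_id, "SubjectUserSid": sid, "SubjectUserName": user,
            "ProcessName": r"C:\Windows\System32\notepad.exe",
            "ObjectName": path, "AccessMask": mask}


SAMPLE_EVENTS = [  # constructed, not real log data
    _ev(4663, DOM + "-1104", "jdoe", CFG, "0x1"),              # flagged
    _ev(4663, "S-1-5-18", "SYSTEM", CFG, "0x1"),               # allowlisted SID
    _ev(4663, DOM + "-1104", "jdoe", CFG, "0x2"),              # WriteData only
    _ev(4663, DOM + "-1104", "jdoe", r"C:\Temp\a.txt", "0x1"),  # other file
    _ev(4656, DOM + "-1104", "jdoe", CFG, "0x1"),              # other event ID
]
```

Event 4663 is only written when object access auditing is enabled and the configuration file carries an audit entry (SACL), so an empty result on an unaudited host says nothing about whether the file was read.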
