CVE-2020-37135
Authentication Bypass in AMSS++ 4.7 via Hardcoded Credentials
Publication date: 2026-02-07
Last updated on: 2026-02-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amssplus | amss | to 4.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2020-37135 is an authentication bypass vulnerability in AMSS++ version 4.7 and earlier. It occurs because the software contains hardcoded default credentialsβa backdoor administrative account with the username "admin" and password "1234". This allows attackers to log in without proper authentication and gain unauthorized administrative access to the system.'}] [2]
How can this vulnerability impact me? :
This vulnerability can have severe impacts because it allows attackers to gain unauthorized administrative access remotely without any privileges or user interaction. Once inside, attackers can potentially control the system, access sensitive data, and disrupt operations. The CVSS v4 base score of 9.3 reflects the high severity and critical risk posed by this flaw.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to log in to the AMSS++ 4.7 administrative interface using the default hardcoded credentials: username "admin" and password "1234".'}, {'type': 'paragraph', 'content': 'Network detection might involve scanning for the presence of AMSS++ 4.7 web applications and testing authentication endpoints for acceptance of these default credentials.'}, {'type': 'paragraph', 'content': 'Specific commands are not provided in the available resources.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include changing the default hardcoded credentials from username "admin" and password "1234" to a strong, unique password to prevent unauthorized access.'}, {'type': 'paragraph', 'content': 'If possible, update or patch the AMSS++ software to a version that does not contain this vulnerability.'}, {'type': 'paragraph', 'content': 'Restrict network access to the administrative interface to trusted hosts only.'}] [2]