CVE-2023-38328

Published: Oct 26, 2023Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.

Affected (1)

Products: Egroupware: Egroupware

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Egroupware Egroupware	Version 17.1.20190111

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.gruppotim.it/it/footer/red-team.html

Source: cve@mitre.org

Third Party Advisory

https://www.gruppotim.it/it/footer/red-team.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.