CVE-2023-38328

Name of the Vulnerable Software and Affected Versions eGroupWare version 17.1.20190111

Description An issue affects the setup panel under setup/manageheader.php, allowing authenticated remote attackers with administrator credentials to read a cleartext database password due to improper password storage. This issue does not specify the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations For eGroupWare version 17.1.20190111, consider restricting access to the setup panel under setup/manageheader.php to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.