PT-2024-1925 · Unknown · Mysql Server+1
Alejandro Baño Andrés +3 · Published 2024-02-08 · Updated 2024-03-05
CVE-2024-1346
CVSS v3.1: 6.8 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
LaborOfficeFree version 19.10
Description
LaborOfficeFree uses a weak root password for its MySQL database: an attacker can calculate the password from two constants. The vulnerability is associated with weak password requirements. Exploitation of this issue may enable an attacker to obtain the root password of the MySQL database used by LaborOfficeFree.
Recommendations
For LaborOfficeFree version 19.10, consider changing the MySQL database root password to a stronger one to prevent exploitation. As a temporary workaround, restrict access to the MySQL database until a more secure password is implemented.
Affected Products
Laborofficefree
Mysql Server