Remote Access to Sensitive Data through Encrypted Database Credentials
CVE-2024-1344

9.8CRITICAL

Key Information:

Vendor: LaborOfficeFree
Status: LaborOfficeFree
Vendor: CVE Published:; 19 February 2024

🔔 Create LaborOfficeFree Vulnerability Alert

What is CVE-2024-1344?

A vulnerability in LaborOfficeFree allows attackers to exploit encrypted database credentials. Specifically, this issue affects version 19.10, enabling unauthorized users to read and extract sensitive username and password data from 'LOF_service.exe' and 'LaborOfficeFree.exe' files. Once compromised, adversaries can gain remote access with root-like privileges, posing significant risks to systems and data integrity.

Affected Version(s)

LaborOfficeFree 19.10

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2024
Vulnerability Reserved
Feb 8, 2024

Credit

Pedro Gabaldón Juliá

Javier Medina Munuera

Antonio José Gálvez Sánchez

Alejandro Baño Andrés