CVE-2023-38328

Insufficiently Protected Credentials in packagist/egroupware/egroupware

Identifiers

CVE-2023-38328

Package Slug

packagist/egroupware/egroupware

Vulnerability

Insufficiently Protected Credentials

Description

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.

Affected Versions

Version 17.1.20190111

Solution

Upgrade to version 17.1.20190214 or above.

Last Modified

2023-11-08

source