CVE-2023-38328: Insufficiently Protected Credentials

October 26, 2023 (updated November 7, 2023)

An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.

References

nvd.nist.gov/vuln/detail/CVE-2023-38328
www.gruppotim.it/it/footer/red-team.html

Detect and mitigate CVE-2023-38328 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →