CVE-2024-1344

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Feb 19, 2024
Updated: Feb 20, 2024
CWE ID 798

Summary

CVE-2024-1344 is a newly disclosed vulnerability in LaborOfficeFree version 19.10. The issue lies in the encryption of database credentials for 'LOF_service.exe' and 'LaborOfficeFree.exe' files located in the '%programfiles(x86)%\\LaborOfficeFree\\' directory. An attacker can exploit this vulnerability to read and extract the plaintext username and password from the encrypted form. With these credentials, an attacker gains unauthorized remote access to the affected system, which comes with root-like privileges. This poses a significant risk to the security of the affected system, as an attacker can perform various malicious actions. It is crucial that users of LaborOfficeFree update their software to the latest version to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share