CVE-2024-1344 Information

Description

Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of ‘LOF_service.exe’ and ‘LaborOfficeFree.exe’ located in the ‘%programfiles(x86)%\LaborOfficeFree' directory. This user can log in remotely and has root-like privileges.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree