Vulnerabilities > CVE-2024-1344 - Unspecified vulnerability in Laborofficefree 19.10

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

laborofficefree

critical

NVD

Published: 2024-02-19

Updated: 2025-03-24

Summary

Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\LaborOfficeFree\' directory. This user can log in remotely and has root-like privileges.

Vulnerable Configurations

Part	Description	Count
Application	Laborofficefree Laborofficefree Laborofficefree 19.10	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree