Vulnerabilities > CVE-2024-1345 - Improper Restriction of Excessive Authentication Attempts vulnerability in Laborofficefree 19.10

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

laborofficefree

CWE-307

NVD

Published: 2024-02-19

Updated: 2025-03-24

Summary

Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.

Vulnerable Configurations

Part	Description	Count
Application	Laborofficefree Laborofficefree Laborofficefree 19.10	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree