Soplanning 1.32 and previous versions generates static links for sharing ICAL calendars with embedded login information, which allows remote malicious users to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
soplanning soplanning |