Uploaded image for project: 'JOE - JobScheduler Object Editor'
  1. JOE - JobScheduler Object Editor
  2. JOE-290

Password Obfuscation Vulnerability (CVE-2020-12712)

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Major
    • Resolution: Fixed
    • 1.12, 1.13.2, 1.13.3
    • 1.12.13, 1.13.4
    • None
    • CVE-2020-12712

    Description

      • JOE can be configured to store passwords and passphrases on the computer where JOE is executed.
      • Such data are obfuscated with a symmetric key. The vulnerability is about the fact that obfuscation is not secure and that the symmetric key can be guessed.
      • See also https://en.wikipedia.org/wiki/Obfuscation_(software)

      Attachments

        Issue Links

          is related to

          Fix - JOE-291 Some password are not handled correctly by JOE

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Released

          Fix - JOE-294 JOE does not decrypt an encrypted password

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Released

          Activity

            People

              ur Uwe Risse (Inactive)
              ap Andreas Püschel
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: