-
Type:
Fix
-
Status: Released (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.12, 1.13.2, 1.13.3
-
Labels:None
-
CVE-ID:CVE-2020-12712
- JOE can be configured to store passwords and passphrases on the computer where JOE is executed.
- Such data are obfuscated with a symmetric key. The vulnerability is about the fact that obfuscation is not secure and that the symmetric key can be guessed.
- See also https://en.wikipedia.org/wiki/Obfuscation_(software)